Hello Friends, Today i am sharing about the most common vulnerability which is generally found in most of websites because of poor coding. First f all let me tell you what XSS is.
WHAT IS XSS: reference wikipedia -
"Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone - i.e.
a privilege escalation within the client (web browser) executing the script.
The vulnerability could be:
* a web browser bug which under some conditions allows content (scripts)
in one zone to be executed with the permissions of a higher privileged zone.
* a web browser configuration error; unsafe sites listed in privileged zones.
* a cross-site scripting vulnerability within a privileged zone
A common attack scenario involves two steps.
The first step is to use a Cross Zone Scripting vulnerability
to get scripts executed within a privileged zone. To complete the attack,
then perform malicious actions on the computer using insecure ActiveX components.
This type of vulnerability has been exploited to silently install
various malware (such as spyware, remote control software, worms and such)
onto computers browsing a malicious web page."
Second step is to code a XSS vulnerable page so here we go:
open notepad and copy content from links given below
save this page as index.html => http://pastebin.com/Y6pN08pv
save this page as: XSS.php => http://pastebin.com/L0E4bJKc
open index.html in firefox
enter a value and search ,return on the page of search and enter
send the form
Above was just a simple "non persistent XSS" ,However a XSS attack can lead to serious problems such as cookie stealing,privacy disclosure,defacing etc. You can code a cookie grabber and then u can redirect your victim to that script. Persistent XSS allows attacker to change the content of site means data so the website will look normal as all the links are given by the pwner of the site hence the victims will easily trust and may follow evil's link :P
now next step is to secure XSS:
simply use
use htmlspecialchars() function in PHP or use other function: htmlentities() :-)
code ==> http://pastebin.com/Cc4quJVB
In next post i'll write about How to bypass filter to get XSS on site and will share many more tricks that can be played in XSS vulnerable site ;-)
Happy hacking at your own risk :)
No comments:
Post a Comment