Cross Site Scripting (XSS) is a vulnerability found in websites which allows an malicious attack/cracker to inject client-side scripts into the web pages. By using this vulnerability an attaker can deface a website, redirection attacks can be done and session cookie stealing is also possiable by exploiting this vulnerability.
There are two types of XSS vulnerability found in web applications.
1. Non-persistent
2. Persistent
Non-persistent
Non-persistent type of XSS vulnerability is the most comman one. Non-persistent XSS happens when a malicious HTML query is done by an attacker and that query is used immiediatly by the server-side to generate the page result.
Persistent
Persistent type of XSS vulnerability is a dangerous kind of vulnerability. This happens when a malicious HTML query is done by the attacker and that query is immediatly saved by the server and is permanently displayed on the normal pages.
In this tutorial I'm going to show you how to deface a XSS vulnerable site via Non-persistent XSS vulnerabillty.
In order to find sites vulnerable to XSS use google dorks. The most comman google dork used by attackers to exploit the XSS vulnerability is:
inurl:search.php?q=
How to find if the website is XSS vulnerable or not. Example Website: "www.website.com/search.php?q"
Open the website, you will find a search box. in that search box type this code:
<script>alert("XSS Detected !!")</script>
And click on search. If the site is vulnerable, you will get a Jquery box saying "XSS Detected", if you got that you can move foreward to deface the website site.
Now if you want just to display a simple message like "H4CK3D", Enter the below HTML code and click on search.
<h1><center><b>Hacked by H@x0r_C0d3/K!lL</h1></center></b>
Follow me on
Your blog is your personal online diary which combines the text, images and other media, and links to other blogs, web p...
0 comments:
Post a Comment