XSS Explanation: How can an XSS-vulnerable website be hacked?
Posted by: Deepak | Posted date: 03:41 | comments: 1
Cross Site Scripting, aka XSS, is one of the most common vulnerabilities in any web application. So today I'll explain what exactly XSS is and how this vulnerability can be used to compromise any web app that suffers from it.
What is XSS (Cross Site Scripting)? As mentioned above, it is one of the most common vulnerabilities in web apps; it allows a hacker or attacker to insert malicious code into the web app. Using this vulnerability a hacker can also change the index page by adding some code to the URL. This kind of vulnerability also helps an attacker bypass web security and can be used for "phishing" unsuspecting users.
XSS types: this vulnerability allows the 3 types of XSS attacks given below:
What is "DOM Based XSS"?
DOM (Document Object Model) based XSS is used by an attacker to work on the victim's local machine, not on a website. Various operating systems usually include HTML pages created for different purposes, but as long as humans make mistakes, these HTML pages can often be exploited due to code vulnerabilities.
DOM based XSS affects the victim's local machine in this way:
- The attacker creates a well-built malicious website
- The unsuspecting user opens that site
- The user has a vulnerable page on his machine
- The attacker's website sends commands to the vulnerable HTML page
- The vulnerable local page executes those commands with the user's privileges on that machine.
- The attacker easily gains control of the victim's computer.
Non-Persistent: This is the most common vulnerability found in web apps. Its name describes its process: it works on an immediate HTTP response from the victim website.
It shows up when the webpage takes the data fed to it by the attacker and generates a result page for the attacker himself. From this, the attacker can provide malicious code and try to make the server execute it in order to obtain some result.
Websites vulnerable to this non-persistent XSS are easy to find.
Persistent: Persistent XSS vulnerabilities are similar to non-persistent XSS, in that both work on a victim website and try to steal users' information. The difference is that on websites vulnerable to persistent XSS the attacker doesn't have to give the crafted address to the users, because the website itself allows users to insert fixed data into the system: this is the case, for instance, with "guestbooks". Typically users use that kind of tool to leave messages for the owner of the website, and at first glance it doesn't seem dangerous; however, if a hacker discovers that the system is vulnerable, they can insert some malicious code in their message and make ALL visitors victims of it.
This works when the tool provided (the guestbook in the example) doesn't do any check on the content of the inserted message: it simply inserts the data provided by the user into the result page.
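The defect behind both the non-persistent (search page) and the persistent (guestbook) cases above is the same: user-supplied text is inserted into the result page without any check. The following Node.js example is added here (it is not code from the original post) and shows a vulnerable renderer beside its hardened form, which HTML-escapes every untrusted value on output; the guestbook message shape and the probe string are constructed for the example.

```javascript
// Added example (not from the original post): a minimal search/guestbook
// renderer showing unescaped insertion beside the escaped fix.

// Escape the five characters that let text break out of an HTML text node
// or a double-quoted attribute value. '&' goes first so later replacements
// are not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: mirrors the post's description, no check on the content.
function renderSearchVulnerable(q) {
  return `<p>Results for: <b>${q}</b></p>`;
}
function renderGuestbookVulnerable(messages) {
  return messages.map(m => `<li>${m.author}: ${m.text}</li>`).join('\n');
}

// Hardened: same layout, every untrusted value escaped at output time.
function renderSearchSafe(q) {
  return `<p>Results for: <b>${escapeHtml(q)}</b></p>`;
}
function renderGuestbookSafe(messages) {
  return messages
    .map(m => `<li>${escapeHtml(m.author)}: ${escapeHtml(m.text)}</li>`)
    .join('\n');
}

// True if the rendered page still contains a raw <script> tag, i.e. the
// input reached the page without escaping. Used to compare both renderers.
function containsRawScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the post's alert() probe stored as a message.
const probe = '<script>alert("The Hacker News")</script>';
const sampleMessages = [
  { author: 'alice', text: 'Nice site!' },
  { author: 'mallory', text: probe },
];

// Stand-alone demo: vulnerable renderer keeps the tag, safe one does not.
console.log(containsRawScript(renderGuestbookVulnerable(sampleMessages)),
            containsRawScript(renderGuestbookSafe(sampleMessages))); // true false
```

The same escaping applies to the search page: `renderSearchSafe` turns `<b>` in the query into `&lt;b&gt;`, which the browser displays as text instead of rendering as bold.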
How to notice XSS vulnerabilities?
Well, to begin finding these vulnerabilities you can start by looking at blogs, forums, shoutboxes, comment boxes and search boxes; there are too many to mention.
Using "Google Dorks" makes the search easier. OK, if you want to get down to it, go to google.com and search inurl:"search.php?q=". Now, that's a typical page and has a lot of results. Also note that the majority of sites have XSS vulnerabilities; it's simply a matter of having a good eye and some good knowledge of how to bypass their filtering.
Basics of XSS
Well, now let's begin learning some actual methods. The most commonly used XSS injection is:
alert("The Hacker News")
Now this will show an alert popup saying "The Hacker News" without quotes.
So use "search.php?q=" and you can simply try the following on a website with a similar issue:
if you see the bold text on the page and newlines, then you know it's vulnerable.
Now, how to deface a website using XSS ...
Here are two examples
This post is only for educational purposes. It does not relate to any hacking attempt on any website by anyone.