What is Cross Site Scripting?
Cross-site scripting (XSS) is a vulnerability typically found in web applications. A hacker can use it to inject client-side script into web pages viewed by other users.
What can an attacker do with this?
Attackers can do the following things:
- Steal user cookies and achieve complete account takeover
- Steal data on web pages viewed by the victim
- Deface pages viewed by the victim
- Use web pages for phishing
Advantages over normal phishing:
In normal phishing the victim is given a link made by the hacker, and a person with basic knowledge can recognize that it is a fake link. But in XSS the victim has no reason to suspect the link, because it points to a trusted URL.
Demonstration of XSS phishing
Steps involved in the attack:
- Finding an XSS vulnerability
- Crafting your link
- Sending the link to your victim
Step 1: Finding an XSS vulnerability
First we need to find a vulnerable website. This can be done using Google. Go to Google and search using the following dork:
inurl: "search.php?q="
To test the vulnerability you can inject the following code into the search fields or comment fields of your website:
<script>alert("you are hacked")</script>
If it returns an alert box showing "you are hacked", that site is vulnerable to XSS.

Step 2: Craft your link
In this step we have to craft a link from the vulnerability of the website. Your link will look like:
http://site.com/search.php?q=<script>alert("you are hacked")</script>
You can use your specially crafted link to steal your victim's information just as in phishing.
EXAMPLE:
I am showing you an example with a vulnerable link found in Google.
Note:
This link is kept here for demonstration purposes only. I will not be held responsible if you do anything illegal with this, and this bug is not fixed yet. If Google fixes it, it may not work.
http://www.google.com/search?btnI&q=allinurl:http://www.101hacker.com/
(credits - wolfmankurd)
When the victim clicks this link, he will be redirected to http://www.101hacker.com/.
You can replace "http://www.101hacker.com/" with your fake login page's link. Then it takes the victim to your fake login page.
Step 3: Send the link to your victim
Now you can send your specially crafted link to the victim by any means, as you would in normal phishing.
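The following is an added example, not code from the original post: it shows why the crafted search link from Step 2 works (the q parameter is echoed into the page as live markup) and how HTML output encoding makes the same link harmless. The site.com and search.php names come from the post's placeholder link; the renderer functions are hypothetical stand-ins for a real search page.

```python
"""Reflected XSS behind a crafted search link: the vulnerable render beside the fixed one."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Crafted link as shown in the post (site.com / search.php are its placeholder names).
CRAFTED_LINK = 'http://site.com/search.php?q=<script>alert("you are hacked")</script>'


def query_param(url: str) -> str:
    """Return the q parameter as search.php would receive it (URL-decoded)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_vulnerable(q: str) -> str:
    """Hypothetical search page that echoes the parameter straight into the HTML.
    Whatever the URL carried becomes live markup in the victim's browser."""
    return f"<html><body><h1>Results for: {q}</h1></body></html>"


def render_fixed(q: str) -> str:
    """Same page with HTML output encoding: the text is displayed, not executed.
    escape() turns < > & " ' into entities, so the browser shows them as characters."""
    return f"<html><body><h1>Results for: {escape(q, quote=True)}</h1></body></html>"


def reflects_as_markup(render, marker: str) -> bool:
    """Check a developer can run against a renderer: does a marker tag survive
    unchanged in the output? True means the page reflects input as markup."""
    return marker in render(marker)


if __name__ == "__main__":
    q = query_param(CRAFTED_LINK)
    print("parameter:", q)
    print("vulnerable reflects markup:", reflects_as_markup(render_vulnerable, q))  # True
    print("fixed reflects markup:", reflects_as_markup(render_fixed, q))            # False
    print(render_fixed(q))
```

The Google link in the example above relies on the I'm Feeling Lucky redirect (the btnI parameter), which is an open redirect rather than script injection; output encoding fixes the reflected search parameter, while redirects need an allow-list of permitted destinations.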
Conclusion:
This is a very dangerous vulnerability in web applications; it got 2nd rank in the OWASP Top 10 vulnerabilities. If a hacker finds this vulnerability in any of the bank websites, he can attempt a malicious attack against the customers of the bank and steal lots of information such as credit cards, account numbers and passwords, simply by sending a group mail to the customers of the bank.