2007/10/27 XSS The Complete Walkthrough [About] - [Security Digest]


    --==+                     XSS The Complete Walkthrough [About]                       +==--
    Author: t0pP8uZz
    Description: Complete tutorial on XSS methods.
    Homepage: G0t-Root.net, H4cky0u.org, Milw0rm.com
    Date: 24/07/07
    What is XSS?
    Finding XSS Vulnerabilities
    The Basics On XSS
    Deface Methods
    Cookie Stealing
    Filter Bypassing
    Advanced XSS
    Securing XSS
    --==+          XSS The Complete Walkthrough [Chapter 1 - What is XSS?]               +==--
    'XSS' (Cross Site Scripting) is sometimes also called 'CSS', which is easily confused with
    'Cascading Style Sheets', so 'XSS' is the name to use. It is a very common vulnerability in
    web applications: it lets the attacker INSERT malicious code (HTML or JavaScript) into a page
    that the server sends back to a browser. There are many types of XSS attack; I will cover the
    3 most used.
    The first attack I want to talk about is 'URL XSS'. Here the malicious code lives only in the
    URL and only runs when that URL is submitted, so nothing stays on the page. Later we will
    talk about how to use this to our advantage (it works when somebody else opens your link).
    The second attack is input fields. Wherever you can enter data it is very common to find XSS.
    Say we find a site with a search engine: type 'hacker' into the search box and hit enter, and
    when the page loads it says something like 'Found 100 Results For hacker'. The page is
    displaying our data, so what if we can make it execute code? There is no possible way to
    execute PHP code through this attack, but HTML and JavaScript certainly can be executed.
    Be aware that, like URL XSS, this does not stay on the server: only the person who submitted
    the input sees the result.
    The third attack lets you INSERT data (code) that STAYS on the website. This kind of attack is
    normally found in blogs, shoutboxes, profiles, forums, and most other places where you enter
    data and it is kept. There are 2 kinds, depending on whether we can execute PHP or only HTML:
    if we can inject PHP we can also inject HTML, but NOT vice versa. HTML and PHP are totally
    different things: HTML is downloaded to your PC and then parsed/interpreted by your browser
    (that is why its source is viewable), whereas PHP is interpreted on the server that hosts the
    script and only the resulting output is returned to the browser. PHP injection is rare, but it
    does no harm to try. Note: PHP code cannot be injected into an HTML page; input that is merely
    echoed back into the page is never run as PHP on the server, it is just text to the browser.
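    The difference between the second attack (reflected, one request only) and the third (stored,
    served to every later visitor) is easiest to see in the server-side code. The following is an
    added example, not code from the original tutorial: a Python stand-in for the PHP search page
    and shoutbox the text describes, with the vulnerable renderer next to the fixed one. The page
    layout, the in-memory shout store and the has_live_script check are assumptions made for the
    demonstration.

```python
import html

PAYLOAD = '<script>alert("XSS")</script>'   # the tutorial's popup test payload


def render_search_vulnerable(q: str) -> str:
    """Reflected XSS: the search term is echoed straight into the HTML.

    Whatever tags the user (or a crafted URL) put in q become part of the
    page the browser parses, so a script tag in q runs in that browser.
    Nothing is saved; only the request carrying the payload is affected.
    """
    return f"<html><body><p>Found 100 Results For {q}</p></body></html>"


def render_search_safe(q: str) -> str:
    """Same page with the search term HTML-encoded before it is inserted.

    html.escape turns < > & " ' into entities, so the browser shows the
    payload as text instead of executing it.
    """
    return f"<html><body><p>Found 100 Results For {html.escape(q)}</p></body></html>"


def post_shout(store: list, msg: str) -> None:
    """Stored XSS: the shout is saved as-is (assumed in-memory store standing
    in for the database a real shoutbox would use)."""
    store.append(msg)


def render_shoutbox_vulnerable(store: list) -> str:
    """Renders every stored shout raw, so one poisoned post hits all readers."""
    return "<ul>" + "".join(f"<li>{m}</li>" for m in store) + "</ul>"


def render_shoutbox_safe(store: list) -> str:
    """Encodes each shout on output; the stored payload stays harmless text."""
    return "<ul>" + "".join(f"<li>{html.escape(m)}</li>" for m in store) + "</ul>"


def has_live_script(page: str) -> bool:
    """True if the page contains an unencoded <script> tag.

    A stand-in for "the browser would execute this"; a real check would
    parse the HTML, but a literal tag is enough to show the difference.
    """
    return "<script" in page.lower()


if __name__ == "__main__":
    # Reflected: the payload is in this one request only.
    print(render_search_vulnerable(PAYLOAD))
    print(render_search_safe(PAYLOAD))

    # Stored: the attacker posts once, every later visitor gets the payload.
    shouts: list = []
    post_shout(shouts, "hello")
    post_shout(shouts, PAYLOAD)
    print(render_shoutbox_vulnerable(shouts))   # what a later visitor receives
    print(render_shoutbox_safe(shouts))
```

    Note that the fix is the same in both cases: encode on output, at the point where untrusted
    data is placed into HTML. Storing the payload is not itself the bug; serving it unencoded is.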
    --==+      XSS The Complete Walkthrough [Chapter 2 - Finding XSS Vulnerabilities]     +==--
    To start finding these vulnerabilities you can check out blogs, forums, shoutboxes, comment
    boxes and search boxes; there are too many places to mention.
    'Google dorks' make the finding easier. If you want to get cracking, go to google.com and type
    inurl:"search.php?q="
    That is a common page and returns a lot of results. To find out some attacks, move on to the
    next chapter.
    Also note that many sites have XSS vulnerabilities; it is just a matter of having a good eye
    and some good knowledge of how to bypass their filtering.
    --==+          XSS The Complete Walkthrough [Chapter 3 - The Basics On XSS]          +==--
    Now to crack on and start learning some actual methods. The most commonly used XSS injection
    is a script tag whose body calls alert("XSS"): when the page renders it, a popup appears
    saying XSS (without the quotes). The message is easily edited.
    Backtracking to the last chapter, I am assuming you remember we talked about search.php?q=
    You can simply put that same payload into the q parameter on a website with the same page.
    There is a good chance of it working, but do not be worried if it does not; just try
    different sites.
    Some other easy XSS (I do not think people realise they can insert HTML, not just JavaScript):
    wrap the word XSS in a bold tag and follow it with a line-break tag. If you see XSS in bold on
    the page, followed by the newline, you know the site is vulnerable, and you can move on using
    some of the methods explained later in the tutorial.
    --==+          XSS The Complete Walkthrough [Chapter 4 - Deface Methods]              +==--
    Now that you understand how XSS works, we can explain some simple XSS deface methods. There
    are many ways of defacing; I will mention some of the best and most used. The first is the
    IMG SRC method. For those of you who do not know HTML, IMG is a tag that displays, on the web
    page, the image linked in its SRC attribute. Change the link to a valid picture link, save it
    as an HTML file and open it, and you will see what I mean.
    Now say you have found a shoutbox, comment box, or anything else that shows your data after
    you submit it: insert an IMG tag pointing at your picture and the picture will be displayed on
    the page. The other tags (html, body and so on) are not needed, as the page already has them
    (in rare cases it will not). It helps to make your picture big so it stands out and it is
    clear that the site got hacked.
    Another method is using Flash videos: it works the same way as the IMG method, with an
    embedded movie instead of a picture, but gives a more stylish deface.
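    The bold-plus-newline test from Chapter 3 is a canary: you send a known piece of markup and
    look at what comes back. The following is an added example, not code from the original
    tutorial, that turns that test into a small probe: it builds the search.php?q= URL from
    Chapter 2 with the canary URL-encoded, then classifies a response as reflected raw (the spot
    is injectable, so the Chapter 4 IMG deface would work there), reflected encoded, reflected
    with the tags stripped (a filter is in place), or not reflected at all. The marker word
    "xssprobe", the example.com URL and the four sample responses are constructed for the
    demonstration; no real site was queried.

```python
import html
import re
from urllib.parse import urlencode, urlsplit, urlunsplit

# The tutorial's HTML-injection test: a marker word in bold followed by a
# line break. "xssprobe" is an arbitrary marker chosen for this example.
CANARY = "<b>xssprobe</b><br>"


def build_probe_url(base_url: str, param: str, payload: str = CANARY) -> str:
    """Put the payload into the given query parameter, URL-encoded.

    Replaces any existing query string. The encoding matters: the server's
    URL decoder turns %3C back into < before the value reaches the page, so
    the canary arrives intact instead of being mangled in transit.
    """
    parts = urlsplit(base_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode({param: payload}), parts.fragment))


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Say what the page did with the canary it was sent.

    reflected-raw       markup came back untouched: the spot is injectable
    reflected-encoded   < and > came back as &lt; and &gt;: output encoding is on
    reflected-stripped  the text came back but the tags were removed: a filter
                        is in place (the Filter Bypassing chapter applies)
    not-reflected       the input is not shown on this page at all
    """
    if canary in body:
        return "reflected-raw"
    if html.escape(canary) in body:
        return "reflected-encoded"
    marker = re.sub(r"<[^>]+>", "", canary)   # the bare word, "xssprobe"
    if marker in body:
        return "reflected-stripped"
    return "not-reflected"


# Constructed responses standing in for what four different search pages
# might send back when given the canary; not captured from any real site.
SAMPLE_RESPONSES = {
    "raw":      "<p>Found 100 Results For <b>xssprobe</b><br></p>",
    "encoded":  "<p>Found 100 Results For &lt;b&gt;xssprobe&lt;/b&gt;&lt;br&gt;</p>",
    "stripped": "<p>Found 100 Results For xssprobe</p>",
    "absent":   "<p>No results.</p>",
}


def triage(responses: dict) -> dict:
    """Classify every response body; returns {name: verdict}."""
    return {name: classify_reflection(body) for name, body in responses.items()}


if __name__ == "__main__":
    print(build_probe_url("http://example.com/search.php", "q"))
    for name, verdict in triage(SAMPLE_RESPONSES).items():
        print(f"{name:9} -> {verdict}")
```

    Only the "reflected-raw" verdict means the bold text and newline would actually show up in the
    browser; "reflected-stripped" is the case where the site has a filter and the bypass methods
    from the later chapters are what you would try next.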