Hack websites using Cross Site Scripting



This is the first article on website hacking on my blog. In this tutorial i am going to explain about CROSS SITE SCRIPTING ATTACK.

 Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

 Types of XSS vulnerabilities:

 1.Persistent
2.Non persistent

 In this post i am going to explain about the non persistent vulnerability.

 Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.

 What can a hacker do with this??

 XSS Attacks be used for the following:
        
        �Compromising and Hijacking Accounts
        �Stealing User Cookies
        �Defacing Websites
        �Phishing Attacks
        �Posting False or Hostile Content

 Steps to hack:

 Step 1: Find vulnerability.

 Step 2: Deface.

 Finding out the vulnerability:

 1)Find a textbox in the site or something where you can submit text.

2)Type in the following:

 <script>alert("hackinginception");</script>

 3)If it is vulnerable it should look like this:

Defacing:

 There are some ways to deface a site when you find a XSS vulnerability.

 1) Makes A Picture Pop-Up:

 "><script>location="www.website.com/yourdefacepic";</script>

 2) Replace The Content Of The Page By An Image:

 <img src="yoursite.com/yourdefacepic/>

 3)Redirect To A Website

 <script>window.location="http://www.yoursite.com"</script>

 NOTE: 
Since this is a non-persistent attack,the changes made by you will not affect the website. But the hackers use these vulnerabilities to steal the information of the visitors of those sites. 
I will write some articles on those topics soon.

 Hope you liked this article... Leave your comments if you have any doubts or suggestions.

Posted by at
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Related Posts Plugin for WordPress, Blogger...