Xss Attack tutorial






                                                                         Introduction


'XSS', also known as 'CSS' (Cross-Site Scripting), is a very common vulnerability found in web applications. XSS allows an attacker to inject malicious code. It arises because the developer trusts user input, or filters it incorrectly, and then sends that input back to the client's browser, where the malicious code executes.
                                                                   
                                                                          Types of XSS

There are three types of XSS:
• Persistent (Stored) XSS = the attack is stored on the website's server
• Non-Persistent (Reflected) XSS = the user has to go through a special link to be exposed
• DOM-based XSS = the problem exists within the client-side script


                                                                         Persistent  XSS


The persistent XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is an online message board where users are allowed to post HTML-formatted messages for other users to read. Put simply, persistent XSS occurs when the developer stores user input in a database server, or simply writes it to a file, without proper filtering, and then sends it back to the client's browser.


To test for the vulnerability, use this script:   <script>alert("HELL")</script>



If you get a popup, your site is vulnerable.
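The stored-then-displayed flow described above, as an added example that is not part of the original post: a constructed in-memory message board rendered once without escaping and once with output escaping. All function names and sample comments are hypothetical; only the test string comes from the page.

```javascript
// Constructed stand-in for the database or file that holds user input.
const storedComments = [];

// Store step: input is saved exactly as submitted.
function saveComment(author, body) {
  storedComments.push({ author, body });
}

// Vulnerable render: stored data is concatenated into HTML unescaped,
// so markup in it becomes part of the page for every later visitor.
function renderUnsafe(comments) {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`)
    .join('\n');
}

// Escape the characters that are significant in HTML text and quoted
// attribute values. This covers the HTML body context only; data placed
// inside a script block, URL or style needs context-specific encoding.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened render: every stored field is escaped at output time.
function renderSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join('\n');
}

// Defender's check: does the rendered page contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data; the second body is the test string from the page.
saveComment('alice', 'Nice post & thanks');
saveComment('mallory', '<script>alert("HELL")</script>');

console.log('unsafe:\n' + renderUnsafe(storedComments));
console.log('safe:\n' + renderSafe(storedComments));
```

In the unsafe output the test string arrives as a real script element; in the safe output the browser shows it as literal text and no popup appears.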



                                                             Dorks






                                                          



Author: Admin ~ A blog that provides all kinds of information

This article, Xss Attack tutorial, was published by Admin on Saturday 28 December 2013.