Understanding Cross Site Scripting-XSS

Hi friends,I hope all you are f9.Today I am going to teach you one of most Web hacking used skill or we can say technique/method known as Cross-site scripting. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, EBay, Apple, Microsoft, and AOL. Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

There are three types of XSS attacks:

1. Local – Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit for a browser vulnerability. With this type of attack, the hacker can install worms, spambots, and backdoors onto your computer.
2. Non-Persistent – Non-persistent attacks are the most common types of attack and don’t harm the actual website. Non-persistent attacks occur when (- a scripting language that is used for client-side web development.) or HTML is inserted into a variable which causes the output that the user sees to be changed. Non-persistent attacks are only activated when the user visits the URL crafted by the attacker.
3. Persistent – Persistent attacks are usually used against web applications like guest books, forums, and shout boxes. Some of the things a hacker can do with a persistent attacks are:
• Steal website cookies (Cookies are used by web browsers to store your user information so that you can stay logged into a website even after you leave. By stealing your cookie, the attacker can sometimes login without knowing your password.)
• Deface the website
• Spread Worms 
 
Now that you know what cross site scripting is, how can you tell if a website if vulnerable to it?
1. If there is a search field, enter a word and if that word is displayed back to you on the next page, there’s a chance it is vulnerable.
2. Now we will insert some HTML. Search for <h1>hi</h1>, and if the word “hi” is outputted as a big header, it is vulnerable.
3. Now we will insert JavaScript. Search for <script>alert(“hi”);</script> , if the word “hi” pops up in a popup box, then the site is vulnerable to XSS.
4. As you can see, these examples are non-persistent. Now if a hacker found a guestbook or something else like it that was vulnerable, he would be able to make it persistent and everyone that visits the page would get the above alert if that was part of his comment.
Hackers knowledgeable in JavaScript and PHP will be able to craft advanced XSS attacks to steal your cookies and spread XSS worms, but to show you a simple example of something more realistic then the above examples, I will show you how a hacker could use XSS to help with phishing.

1. Let’s say a hacker wants to phish passwords from www.victim-site.com. If he was able to find an XSS vulnerability anywhere on the website, he would be able to craft a link pointing to the legit website that redirects to his phishing website.
107
2. In the example with the popup, when I inserted the JavaScript into the search box, a URL was formed that looked like the following:
Here you can see that the code you typed into the search box was passed to the “searchbox” variable.
3. In the URL the hacker would then replace everything in between ?searchbox= and &search with the following JavaScript code:
<script>window.location = “http://phishing-site.com”</script>
4. Now when you go to the finished link, the legitimate site will redirect to the phishing website. Next what the hacker would do is encode the URL to make it look more legit and less suspicious. You can encode the URL at http://www.encodeurl.com/.
5. My finished encoded URL is: http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
6. Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack.

Enjoyed this article! Have fun : D

Join me on Google+

Respected Readers :- As a 18 years old student, running the top most blog in today's world is something quite difficult to do or handle as we bring the best things available related to ethical hacking and security tips to our readers every day. To keep us strong with this attitude, a small contribution from your side will highly be appreciated.

 

E njoyed this post very much – So why not you Subscribe to our regular Email Updates ! and stay connected with us forever .  

Kindly Bookmark and Share it with your friends :