Wednesday, 1 July 2015

CROSS-SITE SCRIPTING (XSS Attacks)


Hi friends, today I am going to tell you about cross-site scripting (XSS). This is my first post on XSS, so I will keep the difficulty low rather than advanced, which will make the advanced tricks easier to understand in future. Let's begin.

:: About ::

Cross-site scripting is a computer security vulnerability found in web applications. XSS allows a malicious web user to inject code into Internet pages viewed by other users. In an XSS attack, the attacker gains the ability to see private user IDs, passwords, credit card information and other personal identification. Cookie stealing and session overriding are other effects of XSS. These attacks are carried out with JavaScript, which runs in the victim's browser and can read and write data on the affected website. There are three types of XSS vulnerability: non-persistent, persistent, and DOM-based.
That is XSS in brief. Let's start the demo so you can understand how cross-site scripting is done.

:: Follow These Steps ::

1} Go to this website using Firefox: testphp.vulnweb.com [see image]

2} Click on Guest Book. You will see a board; in that board, write this code.

 <script>alert('hello');</script>

3} Now click on add message.

You will get an alert message. This shows that the script (JavaScript) is reflected back and executed, which means this application is vulnerable to XSS. [see image]

You can also add this alert message to a blog or website. Remember the code.
This is how it works. Now let's go a little more advanced.

:: Follow These ::

We have seen the alert message. Now, in place of the alert message, we will display an image using XSS.

1} Select your image and upload it to a free image hosting server; use postimage.org. [See image below]

2} After uploading you will get its links. Take note of the Direct Link.

3} Here we need some HTML code.

 <img src='http://s6.postimg.org/budqs6jbl/images.jpg' alt='some_text'>  

4} Open the site in Firefox: testphp.vulnweb.com

5} Place this code in the board and click add image. You will see the image, which means it is vulnerable to XSS. [See the image below]

6} Done. Enjoy.


Now you understand how XSS attacks are done. In a future post I will discuss advanced XSS attacks. Feel free to like and share this.
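
Both demos work for the same reason: the guest book puts the visitor's text into the page without encoding it. The Node.js sketch below is an added example, not code from this post or from testphp.vulnweb.com; the function names and the entry template are assumptions. It renders the two inputs used above once as-is and once HTML-encoded, and reports which tags came from the visitor.

```javascript
// Added example: a guest-book entry rendered without and with output encoding.
// renderUnsafe/renderSafe/injectedTags and the template are hypothetical names,
// not taken from testphp.vulnweb.com. Inputs are the two snippets from the post.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure in element
// content or quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: visitor input is concatenated into the markup as-is,
// so any tag in the message becomes part of the page.
function renderUnsafe(name, message) {
  return `<div class="entry"><b>${name}</b><p>${message}</p></div>`;
}

// Hardened pattern: every untrusted value is encoded at the point of output.
function renderSafe(name, message) {
  return `<div class="entry"><b>${escapeHtml(name)}</b><p>${escapeHtml(message)}</p></div>`;
}

// Demo check: list opening tags in the rendered HTML that the template itself
// never emits (div, b, p). Anything returned here came from visitor input.
const TEMPLATE_TAGS = new Set(['div', 'b', 'p']);
function injectedTags(html) {
  const found = [];
  for (const m of html.matchAll(/<([a-z][a-z0-9]*)/gi)) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.push(tag);
  }
  return found;
}

const SAMPLE_INPUTS = [
  "<script>alert('hello');</script>",
  "<img src='http://s6.postimg.org/budqs6jbl/images.jpg' alt='some_text'>",
];

for (const msg of SAMPLE_INPUTS) {
  console.log('unsafe:', injectedTags(renderUnsafe('guest', msg)));
  console.log('safe:  ', injectedTags(renderSafe('guest', msg)), renderSafe('guest', msg));
}
```

With encoding in place the browser shows the visitor's text literally instead of interpreting it as markup.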


Hi, I'm Gaurav Thakur. I'm the proud owner of PahadiGeeks. I've had an interest in tech since childhood. So I thought, why not share my knowledge with you guys? This gave birth to our blog, PahadiGeeks.com.
