Okay, in this tutorial We aim to give you a very basic understanding of cross-site scripting, also known on XSS. We advise you do this on Mozilla's Firefox web browser or Google Chrome, as newer versions of Internet Explorer edit the site to prevent XSS.
Finding your target.
Obviously, before you can hack a site, you need to find a site vulnerable to what you want to do, in this case, XSS. We can do this using a search engine. I recommend Google What we want to search is A Vulnerable XSS Site By Using The Dork Below:
Quote: inurl:guestbook html enabled
What you should see as a list of results is many websites containing "guestbooks". A guestbook is a page of website, where users may leave comments, it is recommended the guestbook you choose doesn't send posts for moderation before they are publically shown.
Is my target vulnerable?
To find this out, we need to do a small XSS test. Doing this is simple. Go into the guestbook and add a post. In the comment/content/post box, send the following line of code.
Quote: "><script>alert("Vulnerability Test")</script>
If the site is vulnerable, a popup window saying "Vulnerability Test" will appear.
Injecting HTML.
Now we want to take advantage of the XSS vulnerability. Type in the following:
Quote: "><script>alert("I have hacked your site")</script>
<!--Hacked By (Your name)-->
(Message to the viewer)
[Any other HTML code you would like to add]
(Message to the viewer)
[Any other HTML code you would like to add]
You can put as much HTML as you want in it, and if you have a good understanding of HTML, you can edit the page itself, but I won't go into that, as this is just a basic XSS Tutorial.
I hope you understood and learned something from Our tutorial. Any questions? Comment Below!
I hope you like this post please share it to many people ..!! :)
No comments :
Post a Comment