What is Cross-Site Scripting? XSS Types, Examples, & Protection
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it's a good idea to try to use this to attempt to hack systems that do not belong to you.
Hello guys, in this tutorial we are going to discuss cross-site scripting (XSS) and how it is carried out.
To work through the XSS exercise you need a few things:
Some basic knowledge of HTML and JavaScript.
Some familiarity with server-side languages such as JSP or PHP.
Kali Linux.
The DVWA (Damn Vulnerable Web Application) tool.
The steps below are performed inside DVWA, so you need it to follow along. In an XSS attack the attacker injects malicious code (a payload) into a web application; it is a very common vulnerability.
The attacker injects malicious JavaScript into a vulnerable web application or website. They can also plant fake login pages to steal user credentials such as user IDs and passwords.
What are the consequences of cross-site scripting?
Attackers can steal cookies, hijack sessions, deface the website, redirect visitors to other sites and alter the page's source. XSS can do a great deal of damage to a web application or website.
Types of XSS and how they work
XSS is categorised into two types: stored XSS and reflected XSS.
Stored XSS
In stored XSS the attacker inserts code into the website's database through an input that the site saves, such as a payment gateway or a comment box. The stored code helps the attacker monitor the site's users, and even the site owner may not know that the data in the database has been tampered with.
In DVWA, open XSS (Stored) from the menu. The comment form has name, email and message fields; the message area is where a visitor normally types a comment.
Instead, enter some JavaScript there (code that performs a redirect, shows a popup, or carries another payload) and hit Submit. From then on, whenever a user opens the comments page, the browser runs the stored script, which redirects them to another website or shows a popup dialog box.
Reflected XSS
Reflected XSS is somewhat harder than stored XSS. Here the attacker crafts a custom URL that redirects the victim wherever the attacker chooses.
First the attacker sends an HTTP request to the target server; the server then echoes the dangerous script back to the browser inside its HTTP response.
To try this, use DVWA on Kali Linux.
Before using DVWA, start the Apache and MySQL servers.
STEP1: type the following command and hit Enter to start the Apache server
root@seven:~# service apache2 start
STEP2: to start the MySQL server, type the command below and hit Enter
root@seven:~# service mysql start
STEP3: now open the link below, type the username and password and hit Login
http://localhost/dvwa/login.php
STEP4: DVWA's security level must be lowered from High to Low; this is done through the DVWA Security page rather than by hand.
STEP5: open the DVWA Security page, select the Low option and hit Submit.
STEP6: now select XSS (Reflected) from the menu bar.
STEP7: enter the popup JavaScript code and hit Submit.
If an alert box appears, the website is vulnerable to XSS.
STEP8: now look at the URL: your code has been added to it, which shows that the name parameter is vulnerable to XSS.
Now you can write some code to make a fake login page etc. and send it to the victims.
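As an added illustration (this is not code from the tutorial or from DVWA), the following Python stands in for the server side of the two pages above: the reflected name parameter and the stored comment box. It shows the unsafe concatenation that lets the alert fire beside the output-encoded version, and a check that tells the two apart. The request path and the sample URL are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL; the path is an assumption, only the `name` parameter matters.
REFLECTED_URL = "http://localhost/dvwa/vulnerabilities/xss_r/?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def name_from_url(url: str) -> str:
    """Extract the `name` query parameter the way the server sees it (percent-decoded)."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_greeting_vulnerable(name: str) -> str:
    """The pattern behind the reflected page: input concatenated straight into HTML."""
    return "<pre>Hello " + name + "</pre>"


def render_greeting_fixed(name: str) -> str:
    """Same markup, but the input is encoded for the HTML text context,
    so '<', '>', '&' and quotes reach the browser as text, not markup."""
    return "<pre>Hello " + html.escape(name, quote=True) + "</pre>"


class CommentStore:
    """Stand-in for the database behind the stored-XSS comment page."""

    def __init__(self) -> None:
        self._rows: list[tuple[str, str]] = []

    def add(self, name: str, message: str) -> None:
        # Keep the raw text; encoding belongs at output, once per output context.
        self._rows.append((name, message))

    def render_vulnerable(self) -> str:
        # Every stored comment is emitted as-is, so a stored payload runs for every visitor.
        return "\n".join(f"<div>Name: {n}<br>Message: {m}</div>" for n, m in self._rows)

    def render_fixed(self) -> str:
        # Encode each field at the point it is placed into HTML text.
        return "\n".join(
            f"<div>Name: {html.escape(n, quote=True)}<br>Message: {html.escape(m, quote=True)}</div>"
            for n, m in self._rows
        )


def payload_executes(rendered_html: str, payload: str) -> bool:
    """Crude vulnerability check: the probe survived verbatim, so the browser would run it."""
    return payload in rendered_html
```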
Note: before sending links, encode the URL (MD5, hex or some other form) so that a human can't read it; people with little knowledge won't notice what is going on.
I hope you now understand how dangerous an XSS attack is. It is more powerful than SQL injection: by taking some security measures we can defend a website from SQL injection.
My advice
Take a lot of care if you use Blogspot or WordPress, as they are frequent XSS targets. It is very difficult to prevent XSS attacks on WordPress, so always audit your website to protect it from malware and viruses.