2. Cross Site Scripting (XSS) is a type of computer security
vulnerability typically found in web applications (and in web
browsers, through breaches of browser security) that
enables attackers to inject client-side script into web pages
viewed by other users. XSS is mostly possible on
dynamic websites where user input is required.
There are three types of XSS:-
1. Persistent (stored) XSS
The attack is stored on the website's server.
2. Non-persistent (reflected) XSS
The user has to follow a special link to be exposed.
3. DOM-based XSS
The problem exists within the client-side scripts.
3. The persistent (or stored) XSS vulnerability is a more
devastating variant of a cross site scripting flaw; it occurs when
the data provided by the attacker is saved by the server, and
then permanently displayed on "normal" pages returned to
the users in the course of regular browsing without proper
HTML escaping.
Simply put, persistent XSS occurs when the developer
stores the user's input data in a database server or
simply writes it to a file without proper filtering,
and then sends it back to the client browser unescaped.
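The following is an added example, not code from the original slides: a toy guestbook renderer that shows the point made above, namely that stored input which is written back into a page without HTML escaping reaches every later visitor as markup. The in-memory array, the entry values and the function names are all constructed for this illustration and stand in for DVWA's guestbook table.

```javascript
// Added example (not from the original slides): a toy guestbook that stores input
// verbatim and renders it twice, once without escaping and once with it.
// `guestbookDb` is a constructed in-memory stand-in for the server database.

const guestbookDb = [];

// Server-side store: what the user typed is saved as-is, exactly as the slides
// describe (no filtering at write time). Escaping belongs at output time.
function storeEntry(name, message) {
  guestbookDb.push({ name, message });
}

// Escape the five characters that carry meaning in HTML text and attribute values.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable renderer: stored fields are concatenated straight into the HTML,
// so a saved <script> tag is emitted as markup for every visitor of the page.
function renderGuestbookUnsafe(entries) {
  return entries
    .map((e) => `<div class="entry"><b>${e.name}</b>: ${e.message}</div>`)
    .join('\n');
}

// Hardened renderer: identical layout, but every stored field is escaped on
// output, so a saved "<script>" arrives in the browser as the text "&lt;script&gt;".
function renderGuestbookSafe(entries) {
  return entries
    .map((e) => `<div class="entry"><b>${escapeHtml(e.name)}</b>: ${escapeHtml(e.message)}</div>`)
    .join('\n');
}

// Constructed sample data: one benign visitor and one entry carrying the
// payload used on the slides.
storeEntry('alice', 'Nice site!');
storeEntry('stored xss', '<script>alert("hello you are hacked");</script>');

console.log('--- unsafe ---\n' + renderGuestbookUnsafe(guestbookDb));
console.log('--- safe ---\n' + renderGuestbookSafe(guestbookDb));
```

Both renderers read the same stored rows; the only difference is whether `escapeHtml` is applied at the point where data becomes HTML, which is why filtering at input time alone is not enough.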
4. [Figure: stored XSS flow. The attacker submits <html><script> to the vulnerable app (forum, blog, search etc.); the server stores it in the database; the same <html><script> is later returned to the victim's browser.]
5. This figure shows how an attacker gets the malicious script executed.
First the attacker inputs his/her HTML or JavaScript in a search, forum or blog
field, and because there is no input filtering the script is saved on the
server; then when some other user clicks on this forum or page, the
malicious script is executed in the victim's (client's) browser.
Some example scripts:-
<script>alert("Hello World");</script>
This script pops up a box containing the message Hello World.
<script>alert(document.cookie);</script>
This script shows the cookies of the current page.
6. To perform cross site scripting for learning
purposes you can set up your own server with a
vulnerable app.
You can use the XAMPP server and the
DVWA application for this
purpose; you can download them
from:-
http://www.apachefriends.org/en/xampp-windows.html
http://sourceforge.net/projects/dvwa/
I log in to my DVWA (Damn Vulnerable Web
Application); the default username is
"admin" and the password is "password",
without quotation marks.
7.
8. When I input a text message it is OK, nothing happens, it
shows my message in the box. Let's try some script in this
message box.
9. This time I write "stored xss" in the name field and <script>alert("hello you are hacked");</script>
in the message field, and when I click on the guestbook it pops up a message. Every time any other user
clicks on the guestbook or this page he will get the same message, because the input is stored in the
server database.
10. The non-persistent( or reflected) cross site scripting
vulnerability is by far the most common type. These holes
show up when the data provided by a web client, most
commonly in HTTP query parameters or in HTML form
submissions, is used immediately by server-side scripts to
generate a page of results for that user, without sanitizing the
request.
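Reflected XSS leaves a trace that stored XSS does not: the payload travels in the request itself, so it appears in the web server's access log. The following is an added example, not from the original slides, of a small scanner that flags such probes in Apache combined-format log lines. The log lines, IP addresses and paths are constructed for this illustration (the paths are modelled on DVWA's reflected-XSS page); the indicator names and regular expressions are assumptions of the example, not a standard rule set.

```javascript
// Added example (not from the original slides): flag reflected-XSS probes in
// web-server access logs. Sample lines are constructed in Apache combined format.

const sampleAccessLog = [
  '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /vulnerabilities/xss_r/?name=kinish HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
  '10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /vulnerabilities/xss_r/?name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 1901 "-" "Mozilla/5.0"',
  '10.0.0.9 - - [12/Mar/2024:10:01:15 +0000] "GET /search?q=watch HTTP/1.1" 200 5021 "-" "Mozilla/5.0"',
  '10.0.0.9 - - [12/Mar/2024:10:01:21 +0000] "GET /search?next=javascript%3Aalert(1) HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

// Heuristic indicators (assumed for this example). The event-handler pattern is
// deliberately broad and will also hit benign names such as "?onboarding=1";
// treat hits as leads to review, not as proof of an attack.
const XSS_INDICATORS = [
  { name: 'script-tag', re: /<\s*script/i },
  { name: 'javascript-uri', re: /javascript\s*:/i },
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },
];

// Pull client IP, timestamp, method, request path and status out of one line.
function parseLogLine(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Browsers percent-encode "<", ">" and ":" in query strings, so match on the
// decoded path. A malformed %-sequence must not abort the scan: fall back to raw.
function decodeRequestPath(path) {
  try {
    return decodeURIComponent(path.replace(/\+/g, ' '));
  } catch (e) {
    return path;
  }
}

// Scan every line and return one finding per (line, indicator) hit.
function scanAccessLog(lines) {
  const findings = [];
  for (const line of lines) {
    const rec = parseLogLine(line);
    if (!rec) continue; // skip lines that are not in combined format
    const decoded = decodeRequestPath(rec.path);
    for (const ind of XSS_INDICATORS) {
      if (ind.re.test(decoded)) {
        findings.push({ ip: rec.ip, time: rec.time, path: decoded, indicator: ind.name });
      }
    }
  }
  return findings;
}

for (const f of scanAccessLog(sampleAccessLog)) {
  console.log(`${f.time} ${f.ip} ${f.indicator}: ${f.path}`);
}
```

Decoding before matching is the part that matters: the second sample line contains no literal `<script>` at all, only `%3Cscript%3E`, and a scanner that matched the raw path would miss it.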
11. [Figure: reflected XSS flow. The attacker sends the victim a phishing link carrying the script; the victim's browser sends it to the vulnerable app (forum, blog, search etc.) backed by the database server; the server reflects <html><script> back to the victim; the script sends the victim's session ID to the attacker.]
12. In non-persistent (reflected) XSS the script is executed in the client browser at the
moment it is submitted through the form, and it is not stored on the server, so on its own this is
not a serious problem; but it is also used to steal other users' cookies (session ID
and other important info).
The attacker sends a message to the client or victim through email (a fake
mail) in which he writes "Dear customer, we have noticed some illegal
activity in your account; to check whether it was you or someone else, please click
this link", and the mail is crafted so nicely that the victim falls into
the attacker's net. To do this the attacker also uses other social engineering
techniques to fool the victims.
When the victim clicks on the link the script is executed and sends the victim's
cookie info to the attacker's website. To do this the attacker uses a PHP script
hosted on a web hosting site; when the victim clicks, the victim's cookie info
is sent to the attacker's website, where his/her PHP script is hosted, in
plain text format, and he/she uses it to log in to the website as the victim.
13. You can use either the DVWA or the WebGoat application to test your skills in a
real-life scenario; you can download WebGoat through the OWASP website. Here I
use the DVWA application for the demonstration.
Hack to learn, not learn to hack
14. Here I write "kinish kumar" and then submit, and it displays my name.
Again we write a script and see what it displays.
15. Here I write <script>alert("hello");</script> and then it doesn't display
the script, it executes it; but it executes only once, and that is the basic difference between
persistent and non-persistent XSS.
16. Here I write a script to display the cookie, i.e. <script>alert(document.cookie);</script>
and it shows the cookies, and one can do a lot of things with somebody's
cookies obtained by applying phishing or social engineering methods.
17. Some vulnerable websites are:-
1. http://www.timesjobs.com/candidate/companySearch.htm
2. http://www.gnomonwatches.com
3. http://www.jouezetgagnez.net/index.php?email=
Here I will do reflected XSS on
www.gnomonwatches.com because it is
vulnerable to cross site scripting, but please don't
do that, this is illegal.
ALWAYS REMEMBER THIS QUOTE :-
18.
19. DOM-based vulnerabilities occur in the content processing stages performed by the
client, typically in client-side JavaScript. The name refers to the standard model for
representing HTML or XML contents, which is called the Document Object Model
(DOM). JavaScript programs manipulate the state of a web page and populate it with
dynamically-computed data primarily by acting upon the DOM.
OR
DOM-based Cross-Site Scripting is the de-facto name for XSS bugs which are the result
of active browser-side content on a page, typically JavaScript, obtaining user input and
then doing something unsafe with it which leads to execution of injected code. This
document only discusses JavaScript bugs which lead to XSS.
The DOM, or Document Object Model, is the structural format used to represent
documents in a browser. The DOM enables dynamic scripts such as JavaScript to
reference components of the document such as a form field or a session cookie. The
DOM is also used by the browser for security - for example to limit scripts on different
domains from obtaining session cookies for other domains. A DOM-based XSS
vulnerability may occur when active content, such as a JavaScript function, is modified
by a specially crafted request such that a DOM element can be controlled by an
attacker.
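The following is an added example, not from the original slides or from OWASP, showing the client-side flaw described above in its smallest form: a script reads the URL fragment and writes it into the page. The fragment never reaches the server, so the stored and reflected defences above cannot help; what decides the outcome is the DOM sink the script uses. The `el` argument is any object with `innerHTML` and `textContent` properties; in a browser you would pass a real element such as `document.getElementById('greeting')`, while here a constructed plain object stands in so the functions can be exercised outside a browser (a plain object does not emulate the browser rule that setting one property updates the other). The function names and the `#name=` fragment format are assumptions of the example.

```javascript
// Added example (not from the original slides): the same DOM-based flaw written
// twice, once with an HTML-parsing sink and once with a text sink.

// Read a "name" value out of a location fragment such as "#name=Alice".
// The fragment is part of the link the victim opens and is never sent to the
// server, so server-side filtering cannot see it. A malformed %-sequence makes
// decodeURIComponent throw; treat that as "no name" rather than crashing.
function nameFromHash(hash) {
  const m = /^#name=(.*)$/.exec(hash || '');
  if (!m) return 'guest';
  try {
    return decodeURIComponent(m[1]);
  } catch (e) {
    return 'guest';
  }
}

// Vulnerable: untrusted text flows into innerHTML, which the browser parses as
// HTML, so any markup in the fragment becomes part of the document.
function greetUnsafe(el, hash) {
  el.innerHTML = 'Welcome, ' + nameFromHash(hash) + '!';
  return el;
}

// Hardened: textContent is a text sink; its value is never parsed as HTML,
// so the same input is displayed literally, angle brackets and all.
function greetSafe(el, hash) {
  el.textContent = 'Welcome, ' + nameFromHash(hash) + '!';
  return el;
}

// Constructed stand-in for a DOM element (in a browser, use a real element).
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Constructed fragment carrying the cookie-display payload from the slides.
const payloadHash = '#name=' + encodeURIComponent('<script>alert(document.cookie);</script>');
console.log('unsafe innerHTML  :', greetUnsafe(makeElement(), payloadHash).innerHTML);
console.log('safe   textContent:', greetSafe(makeElement(), payloadHash).textContent);
```

The fix is not to filter the fragment but to stop treating it as HTML: `textContent` (or `createTextNode`) keeps attacker-controlled data in the text layer of the DOM, which is the DOM-based counterpart of HTML escaping on the server.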
20. Reference:-
www.infosec4all.tk
http://en.wikipedia.org/wiki/Cross-site_scripting
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
I tried my best to explain the basics of cross site scripting; if there is
any mistake please comment and give your valuable suggestions.