Saturday, September 21, 2013



Hey guys, this is $K..

Today I'm gonna explain XSS completely...

XSS is also called Cross-Site Scripting.


According to Wikipedia

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

Cross-site scripting (XSS) is mainly of two types:
  • Persistent
  • Non-Persistent

1. Persistent: Persistent XSS is also called stored XSS. This occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.

This is usually found in search, find, etc. fields... It's too dangerous... Cookie stealing and phishing can also be performed *__*

2. Non-Persistent: Non-persistent XSS is also called reflected XSS. This occurs when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.

These are the same as persistent XSS, and are usually found in empty fields..
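The stored and reflected cases described above come down to the same missing step, HTML escaping at output time. The following is an added example, not code from the original post: the function names, the sample posts and the forum.example URL are all assumptions made up for illustration, and it shows a message board and a search page rendered without and with escaping.

```javascript
// Added example: hypothetical function names, constructed sample data.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change how HTML is parsed.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Stored case: posts saved earlier by any user (constructed sample data).
const storedPosts = [
  { author: "alice", body: "Nice write-up, thanks!" },
  { author: "mallory", body: '<script>alert("$K Magic")</script>' },
];

// Vulnerable: stored text is concatenated into the page as markup.
function renderBoardUnsafe(posts) {
  return posts.map((p) => `<li><b>${p.author}</b>: ${p.body}</li>`).join("\n");
}

// Hardened: every stored field is escaped when the page is built.
function renderBoardSafe(posts) {
  return posts
    .map((p) => `<li><b>${escapeHtml(p.author)}</b>: ${escapeHtml(p.body)}</li>`)
    .join("\n");
}

// Reflected case: the search term comes straight from the request URL.
function renderSearchUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<p>Results for: ${q}</p>`;
}

// Hardened: the same term is escaped before it is echoed back.
function renderSearchSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Constructed request carrying the same test string, URL-encoded.
const sampleUrl =
  "https://forum.example/search?q=" +
  encodeURIComponent('<script>alert("$K Magic")</script>');

console.log(renderBoardUnsafe(storedPosts));
console.log(renderBoardSafe(storedPosts));
console.log(renderSearchUnsafe(sampleUrl));
console.log(renderSearchSafe(sampleUrl));
```

In the unsafe output the browser receives a live script element; in the safe output the same text arrives as `&lt;script&gt;...` and is displayed as plain characters.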

XSS today is one of the most common vulnerabilities found on the web...



Today I'm gonna explain to you how to perform persistent XSS...

1. Find a site vulnerable to persistent XSS..
2. Then watch the URL carefully...
3. Type your name in the search field..
4. If it's XSS vulnerable, your name should be shown in the URL :]
5. Use some scripts that can prove that this web page is really vulnerable to XSS.. Type: < script >alert("$K Magic")
(remove the spaces between < and script >)
Did it open a pop-up saying $K Magician ??..
Thus, it is vulnerable to persistent XSS..!! :)


I will post more about non-persistent XSS and even new XSSs!!

Thank You For Reading

Video Tutorial Coming Soon!!!!!!!!!!


Keep learning.....

$K....
