
Basics of XSS or Cross Site Scripting Explained

Discussion in 'Ethical hacking Tips' started by lionaneesh, Oct 9, 2011.

  1. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Cross Site Scripting, also known as XSS, is a popular type of client-side attack. It is a type of attack which occurs in web applications and allows an attacker to inject desired client-side scripts into web pages viewed by others.

    Types of XSS



    This attack is mainly of 2 types

    Non-Persistent

    This type of attack is carried out by injecting some client-side code into a vulnerable URL. The attacker can then spread this URL and send it to his/her victims by means of some social engineering etc. On clicking these links, the victims unknowingly execute the injected code, which in turn can result in cookie stealing, privacy disclosure etc.

    Persistent

    This type of attack is more dangerous, and it occurs when the data provided by the attacker is stored by the server and is viewed as a normal page by normal users.
    The attacker can then simply inject some malicious client-side code, which in turn can result in defacement of the website, cookie stealing, privacy disclosure etc.

    Demo



    Now that we know something about what these types of vulnerabilities are and how they occur, let's actually take a look at how they occur and how to test for them!
    Xss.php
    PHP:
    <html>
    <head>
        <title>Vulnerable to XSS</title>
    </head>
    <body>
    <h1>Welcome to XSS Demo Page</h1>

    <p>The Data Entered is As Follows :- </p>

    <?php

    /**
     * @author lionaneesh
     * @copyright 2011
     */

    // Read the "data" query parameter, or fall back to a default message.
    if (isset($_GET['data']))
    {
        $data = $_GET['data'];
    }
    else
    {
        $data = "No Data Entered !";
    }

    // Deliberately vulnerable: the value is echoed into the page without escaping.
    echo "<i>$data</i>";

    ?>

    </body>
    </html>
    Now Just Go to :-

    Site.com/path/xss.php?data=<script>alert("XSS");</script>

    And See what happens!

    Wow! An Alert box saying XSS will appear proving that your injected code actually executed! Now this is just an example of how these vulnerabilities can occur in web-applications and how you can test them!

    How to Fix Them



    If you’re one of the people whose site is vulnerable to this type of attack, I recommend fixing it as soon as possible. For the scope of this tutorial I’ll only be covering how these vulnerabilities can be fixed in PHP. If you are using some other language, I recommend you check your language reference or contact me.

    PHP provides a function called htmlspecialchars() which converts the characters into their HTML entities. Now we’ll just use this in the above code and check what happens.
    Xss.php (line number 33)
    PHP:
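    // Escape only the untrusted value so the <i> wrapper still renders as markup.
    echo "<i>" . htmlspecialchars($data, ENT_QUOTES, 'UTF-8') . "</i>";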
    Now let’s once more Go to :-

    Site.com/path/xss.php?data=<script>alert("XSS");</script>

    And See what happens!

    Voila! You can notice the change now!

    That’s all for this tutorial, stay tuned for more.
     
    soona, boki, pradeep and 1 other person like this.
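
The fix described in the post above, as an added example that is not part of the original post: only the untrusted value is escaped, and the same escaped value is used in element content and in a quoted attribute. The helper names `e()` and `render_page()` are hypothetical, and the sample inputs are constructed so the script runs from the PHP command line.

```php
<?php
// Added example (not from the original post). e() and render_page() are
// hypothetical helper names; htmlspecialchars() is PHP's own function.

/**
 * Escape an untrusted value for HTML text or a quoted attribute.
 * ENT_QUOTES encodes both " and ', ENT_SUBSTITUTE replaces invalid byte
 * sequences instead of returning an empty string, and the charset is
 * passed explicitly so it matches the encoding the page declares.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the demo page body, escaping only the untrusted part. */
function render_page(array $query): string
{
    // ?data[]=x arrives as an array; accept strings only.
    $data = (isset($query['data']) && is_string($query['data']))
        ? $query['data']
        : 'No Data Entered !';

    $safe = e($data);

    // The <i> and <input> markup is written by the page and stays markup;
    // the user-supplied value inside it is rendered as plain text.
    return "<p>The Data Entered is As Follows :- </p>\n"
         . "<i>{$safe}</i>\n"
         . "<input type=\"text\" name=\"data\" value=\"{$safe}\">\n";
}

// Constructed sample inputs: the tutorial's test string, a value with
// both quote styles, an array parameter, and a missing parameter.
$samples = [
    ['data' => '<script>alert("XSS");</script>'],
    ['data' => "O'Reilly & \"Sons\""],
    ['data' => ['unexpected', 'array']],
    [],
];

foreach ($samples as $query) {
    echo render_page($query), "\n";
}
```

htmlspecialchars() covers HTML text and quoted attribute values only; a value written into a script block, a URL attribute or a style needs the encoding for that context instead.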
  2. lionaneesh

    Thanks for accepting, I hope the viewers like it!
     
  3. mitchumango

    mitchumango New Member

    Joined:
    Oct 9, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    This isn't working for me. I can set $data to a string by using "/xss.php?data=mitch", but I can't execute any scripts. Is it possible that htmlspecialchars() is automatically turned on?
     
  4. lionaneesh

    XSS protections are implemented in some browsers, like Google Chrome etc!
    Try it with Mozilla or Internet Explorer!
     
  5. chandru4u

    chandru4u Banned

    Joined:
    Sep 6, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Information Security Consultant
    Location:
    India
    Home Page:
    The latest versions of all browsers have XSS protection enabled by default.

    Protection for ASP.NET

    Microsoft Anti-XSS Library.

    General Protection:

    Input Validation.

    Final Protection:

    Implement WAF - Web Application Firewall

    Thanks

    Chandru
     
  6. johnhawk

    johnhawk New Member

    Joined:
    Nov 23, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    Re:

    Programming language very difficult but there are essay daily handle this work...!
     
  7. phpcrazy

    phpcrazy New Member

    Joined:
    Dec 26, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    myanmar
    Home Page:
    nice to your post
     
