Sunday, September 15, 2013

Hack websites using Cross Site Scripting XSS

This is the first article on website hacking on my blog. In this tutorial I am going to explain the cross-site scripting (XSS) attack.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Types of XSS vulnerabilities:

2. Non-persistent

In this post I am going to explain the non-persistent vulnerability.

Non-persistent XSS is the most common type of XSS flaw. It is a server-side vulnerability.
When a web server takes any input from a user and returns the same input back to the user without any validation, this leads to a non-persistent XSS vulnerability.
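
The reflection described above, as an added example (not code from the original post): a handler that echoes a query parameter unchanged, beside one that HTML-encodes it, plus a check for whether markup characters from the request reach the response unencoded. The URL, the `q` parameter and the page layout are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request; the value decodes to  "><b>probe</b>  (a harmless marker).
SAMPLE_URL = "http://shop.example/search?q=%22%3E%3Cb%3Eprobe%3C%2Fb%3E"

# Hypothetical page template: the value lands in an attribute and in the body.
PAGE = '<form><input name="q" value="%s"></form><p>Results for %s</p>'


def get_param(url, name):
    """Return the first decoded value of a query-string parameter, or ''."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(name, [""])[0]


def render_unsafe(url):
    """Vulnerable: returns user input to the browser with no validation or encoding."""
    q = get_param(url, "q")
    return PAGE % (q, q)


def render_safe(url):
    """Hardened: HTML-encodes <, >, &, and both quote characters before output."""
    q = html.escape(get_param(url, "q"), quote=True)
    return PAGE % (q, q)


def reflects_raw_markup(render, url):
    """True if a value containing markup characters appears unencoded in the page."""
    q = get_param(url, "q")
    has_markup = any(c in q for c in "<>\"'")
    return has_markup and q in render(url)


if __name__ == "__main__":
    for handler in (render_unsafe, render_safe):
        verdict = "REFLECTED RAW" if reflects_raw_markup(handler, SAMPLE_URL) else "encoded"
        print(handler.__name__, "->", verdict)
```

`html.escape` covers the HTML body and quoted-attribute contexts used here; values placed inside script blocks, URLs or CSS need encoding specific to that context.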

What can a hacker do with this??

XSS attacks can be used for the following:

• Compromising and hijacking accounts
• Stealing user cookies
• Defacing websites
• Phishing attacks
• Posting false or hostile content

Steps to hack:

Step 1: Find vulnerability.

Step 2: Deface.

Finding out the vulnerability:

1) Find a text box in the site, or anything else where you can submit text.

2) Type in the following:


3) If it is vulnerable it should look like this:


There are some ways to deface a site when you find an XSS vulnerability.

1) Make a picture pop up:


2) Replace the content of the page with an image:

<img src=">

3) Redirect to a website:


Since this is a non-persistent attack, the changes made by you will not affect the website. But hackers use these vulnerabilities to steal the information of the visitors of those sites.
I will write some articles on those topics soon.

Hope you liked this article... Leave your comments if you have any doubts or suggestions.
