SlideShare a Scribd company logo

Cross-site scripting (XSS)

Download as PPTX, PDF
S
SongchaiDuangpan

Cross-site scripting (XSS)

Education
1 of 25
Songchai Duangpan 6136896
XSS Vulnerability : post_comment.php page
Looks like a basic blog, with a comment section and an admin portal. Clicking on the Admin link sends us to the login page, and we know this is a XSS challenge, so the obvious place to start is on the comments form which contains the fields Title, Author and Text. Going for the most basic of basic XSS tests, we pop <script>alert(‘XSS’)</script> straight into the Text field and get confirmation that the site is indeed vulnerable to XSS:
The assumption here is that there is an administrator who at some point will review the posted comments on the site, and with a XSS vulnerability, we have a chance to steal his session cookie value and use it to log into the site as the admin.
Create File Code use some Javascript to run client-side in the victim’s browser, and some PHP code to grab the cookie value and store it in a variable. Let’s run a local web server to host this PHP an grab the cookie when the victim views our blog post. There are lots of ways to do this, here’s my way:
Edit and Forward
“/ADMIN/EDIT.PHP?ID=2 we get error message: Now we know that the web sites' absolute path is “/var/www/”
since the user is root, now we can deploy a webshell…
Now we can see that the fa1c0n.php is created successfully.
Now we can see that the fa1c0n_shell.php is created successfully.
Run SimpleHTTPServer Run Command wget Now we can see that the fa1c0n_backdoor.php is created successfully.
With /css/falc0n_backdoor.php
Open nc Config falc0n_backdoor Connect successfully.
Password admin Sqlmap dump with --cookie

Recommended

Cross-Site Scripting course made by Cristian Alexandrescu
Cross-Site Scripting course made by Cristian Alexandrescu Cross-Site Scripting course made by Cristian Alexandrescu
Cross-Site Scripting course made by Cristian Alexandrescu
Cristian Alexandrescu
 
Blind XSS & Click Jacking
Blind XSS & Click JackingBlind XSS & Click Jacking
Blind XSS & Click Jacking
n|u - The Open Security Community
 
Session Hijacking course made by Cristian Alexandrescu
Session Hijacking course made by Cristian Alexandrescu Session Hijacking course made by Cristian Alexandrescu
Session Hijacking course made by Cristian Alexandrescu
Cristian Alexandrescu
 
XSS Exploitation
XSS ExploitationXSS Exploitation
XSS Exploitation
Hacking Articles
 
Ajax learning tutorial
Ajax learning tutorialAjax learning tutorial
Ajax learning tutorial
bharat_beladiya
 
Ajax difference faqs compiled- 1
Ajax difference faqs compiled- 1Ajax difference faqs compiled- 1
Ajax difference faqs compiled- 1
Umar Ali
 
Ajax difference faqs- 1
Ajax difference faqs- 1Ajax difference faqs- 1
Ajax difference faqs- 1
Umar Ali
 
Cookie note
Cookie noteCookie note
Cookie note
North Carolina State University
 

Recommended

Cross-Site Scripting course made by Cristian Alexandrescu
Cross-Site Scripting course made by Cristian Alexandrescu Cross-Site Scripting course made by Cristian Alexandrescu
Cross-Site Scripting course made by Cristian Alexandrescu
Cristian Alexandrescu
 
Blind XSS & Click Jacking
Blind XSS & Click JackingBlind XSS & Click Jacking
Blind XSS & Click Jacking
n|u - The Open Security Community
 
Session Hijacking course made by Cristian Alexandrescu
Session Hijacking course made by Cristian Alexandrescu Session Hijacking course made by Cristian Alexandrescu
Session Hijacking course made by Cristian Alexandrescu
Cristian Alexandrescu
 
XSS Exploitation
XSS ExploitationXSS Exploitation
XSS Exploitation
Hacking Articles
 
Ajax learning tutorial
Ajax learning tutorialAjax learning tutorial
Ajax learning tutorial
bharat_beladiya
 
Ajax difference faqs compiled- 1
Ajax difference faqs compiled- 1Ajax difference faqs compiled- 1
Ajax difference faqs compiled- 1
Umar Ali
 
Ajax difference faqs- 1
Ajax difference faqs- 1Ajax difference faqs- 1
Ajax difference faqs- 1
Umar Ali
 
Cookie note
Cookie noteCookie note
Cookie note
North Carolina State University
 
Css
CssCss
Css
bismasheikh3
 
CSS.ppt
CSS.pptCSS.ppt
CSS.ppt
ssuserec53e73
 
Xss
XssXss
Xss
Ilan Mindel
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWA
Rutvik patel
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
kinish kumar
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scripting
Secure Code Warrior
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
yashvirsingh48
 
Xssandcsrf
XssandcsrfXssandcsrf
Xssandcsrf
Prabhanshu Saraswat
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
Chris Hillman
 
Attacking Web Proxies
Attacking Web ProxiesAttacking Web Proxies
Attacking Web Proxies
InMobi Technology
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 
Beyond xss
Beyond xssBeyond xss
Beyond xss
Judy Ngure
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
 
Complete xss walkthrough
Complete xss walkthroughComplete xss walkthrough
Complete xss walkthrough
Ahmed Elhady Mohamed
 
Web Security
Web SecurityWeb Security
Web Security
Supankar Banik
 
SeanRobertsThesis
SeanRobertsThesisSeanRobertsThesis
SeanRobertsThesis
Sean Roberts
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Xss ppt
Xss pptXss ppt
Xss ppt
chanakyac1
 
4.Xss
4.Xss4.Xss
4.Xss
phanleson
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
Amanpreet Kaur
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
Poh-Sun Goh
 

More Related Content

Similar to Cross-site scripting (XSS)

xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
yashvirsingh48
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 

Similar to Cross-site scripting (XSS) (20)

Css
CssCss
Css
 
CSS.ppt
CSS.pptCSS.ppt
CSS.ppt
 
Xss
XssXss
Xss
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWA
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scripting
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
 
Xssandcsrf
XssandcsrfXssandcsrf
Xssandcsrf
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Attacking Web Proxies
Attacking Web ProxiesAttacking Web Proxies
Attacking Web Proxies
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
 
Beyond xss
Beyond xssBeyond xss
Beyond xss
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Complete xss walkthrough
Complete xss walkthroughComplete xss walkthrough
Complete xss walkthrough
 
Web Security
Web SecurityWeb Security
Web Security
 
SeanRobertsThesis
SeanRobertsThesisSeanRobertsThesis
SeanRobertsThesis
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Xss ppt
Xss pptXss ppt
Xss ppt
 
4.Xss
4.Xss4.Xss
4.Xss
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 

Recently uploaded

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 

Recently uploaded (20)

SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Cross-site scripting (XSS)

  • 2.
  • 3.
  • 4.
  • 5. XSS Vulnerability : post_comment.php page
  • 6.
  • 7. Looks like a basic blog, with a comment section and an admin portal. Clicking on the Admin link sends us to the login page, and we know this is a XSS challenge, so the obvious place to start is on the comments form which contains the fields Title, Author and Text. Going for the most basic of basic XSS tests, we pop <script>alert(‘XSS’)</script> straight into the Text field and get confirmation that the site is indeed vulnerable to XSS:
  • 8. The assumption here is that there is an administrator who at some point will review the posted comments on the site, and with a XSS vulnerability, we have a chance to steal his session cookie value and use it to log into the site as the admin.
  • 9. Create File Code use some Javascript to run client-side in the victim’s browser, and some PHP code to grab the cookie value and store it in a variable. Let’s run a local web server to host this PHP an grab the cookie when the victim views our blog post. There are lots of ways to do this, here’s my way:
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 16. “/ADMIN/EDIT.PHP?ID=2 we get error message: Now we know that the web sites' absolute path is “/var/www/”
  • 17.
  • 18. since the user is root, now we can deploy a webshell…
  • 19. Now we can see that the fa1c0n.php is created successfully.
  • 20. Now we can see that the fa1c0n_shell.php is created successfully.
  • 21.
  • 22. Run SimpleHTTPServer Run Command wget Now we can see that the fa1c0n_backdoor.php is created successfully.
  • 24. Open nc Config falc0n_backdoor Connect successfully.
  • 25. Password admin Sqlmap dump with --cookie