Cross Site Scripting (XSS) is a type of computer insecurityvulnerability typically found in web applications(such as webbrowsers through breaches of browser security) thatenables attackers to inject client-side script into web pagesviewed by the other users. Xss is mostly possible ondynamic website where input is require . There are three types of XSS:-1.Persistent (stored) XSS Attack is stored on the website’s server. 2.Non Persistent (reflected) XSS User has to go through a special link to be exposed 3.DOM-based XSS Problem exists within the client side scripts
The persistent(or stored) XSS vulnerability is a moredevasting variant of a cross site scripting flaw; it occurs whenthe data provided by the attacker is saved by the server, andthen permanently displayed on “normal” pages returned tothe users in the course of regular browsing without properHTML escaping. Simply persistent xss is occurs when the developer stores the user input data into database server or simply writing it in a file without a proper filtration, then sending them again to the client browser.
Vulnerable Apps DATA Forum ,blog ,search etc BASE SERVER <html> <script> <html> <script>VICTIM ATTACKER
This fig shows how an attacker execute itsmalicious script .Firstly attacker input his/herhtml or java script in search , forum or blog anddue to no input filtration the script is saved inserver then some other user click on this forumor page then the malicious script is executedon the victim or client browser. Some example of scripts:- <script>alert(“Hello World”);</script> This script is used to pop up a box contain message Hello World <script>alert(document.cookie);</script> This script is used to show your cookies
To perform cross site scripting for learningpurpose you can setup ur own server with avulnerable appsYou can use XAMPP server andDVWA application for thispurpose you can download thisfrom:-http://www.apachefriends.org/en/xampp-windows.htmlhttp://sourceforge.net/projects/dvwa/ I login in my DVWA (damn vulnerable web application) the default username is “admin” and password is “password” without quotation marks.
When I input text message then its ok nothing happen itshow my message in box. lets try some script on thismessage box
In this time I write stored xss in name field and <script>alert(“hello you are hacked”);</script>in message field and when I click on guestbook it pop up a message every time any other userclick on the guestbook or this page he will get same message because the input is stored on theserver database.
The non-persistent( or reflected) cross site scriptingvulnerability is by far the most common type. These holesshow up when the data provided by a web client, mostcommonly in HTTP query parameters or in HTML formsubmissions, is used immediately by server-side scripts togenerate a page of results for that user, without sanitizing therequest.
Vulnerable Apps DATA Forum ,blog ,search etc BASE SERVER <html> <script> <html> <script> script Session idVICTIM PHISING ATTACKER
In persistent of reflected XSS the script is executed when it is input onthe forum or database in client browser when it submit it so this is notan serious problem but this is also used to steal other cookies (session idand other important info ) .The attacker send an message to client or victim through email (fakemail) in which he write Dear customer we have notice some illegalactivity in ur account to check where it is you or some other please clickthis link to do that and the mail is crafted so nice the victim is come is onthe attacker net to do this attacker used other social engineeringtechniques to fool the victims.When victim click on ur link the script is executed and send the victimcookies info to attacker website to do this attacker used a php script andhost it in web hosting website when victim click the cookies info ofvictim is send to attacker website where he is host his/her php script ina plain text format he /she used it to login ur website .
You can either used DVWA or WebGoat application to test ur skills likereal scenario u can download WebGoat through OWASP website . Here Iused DVWA application to demonstration. Hack to learn not learn to hack
Here I write kinish kumar and then submit then it display my nameagain we write script and see what it display
Here I write <script>alert(“hello”);</script> and then it doesn’t displaythe script it execute it but it executed once that is the basic difference ofpersistent and non persistent xss.
Here I write script to display cookie I.e,<script>alert(doucument.cookie);</script>and it show the cookies and we can do lot of things when we get somebodycookies by apply phishing or social engineering methods.
Some vulnerable websites are :-1. http://www.timesjobs.com/candidate/companySearch.htm2. http://www.gnomonwatches.com3.http://www.jouezetgagnez.net/index.php?email= Here I will do reflected xss on www.gnomonwatches.com because it is vulnerable to cross site scripting but please don’t do that this is illegal . ALWAYS REMEMBER THIS QUOTE :-
Reference:- www.infosec4all.tk http://en.wikipedia.org/wiki/Cross- site_scripting https://www.owasp.org/index.php/Cross- site_Scripting_(XSS) I try my best to explain basics of cross site scripting if there is any mistake please comment and give ur valuable suggestions.