Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

XSS That some people forget about


XSS That some people forget about

By ghostghost | 5761 Reads |
0     0

Ok, if you don’t already know what XSS is, then google it and learn the basics, because I am not going to reinvent the wheel, because that would be just another article repeated in HBH’s archives.

So first off lets say we are working with a search page on a website. Most commonly you would try asdf to see if it allowed tags. Now more and more websites are catching up on the XSS exploit, and are stripping tags in their search pages and other input forms. However there is ways and things that the programmer of the site may have forgotten about. The majority of explotis in big websites that think they have their security good, will be in the minor little things that they forget about.

So now that you have tried the old normal html tags in the search, and your attempt fails, think for a second. Is there other search options, that don’t exactly give you your very own text input normally like a select box? Well you could always use some Javascript to edit that value to make it close the option in the html and therefore breaking you out of the select box and allowing you to enter html.

Here is an example of above before a user edits it with javascript.

Now after the user injects the form with “>redinsert html tags here:

Now another way you can do the samething as above but a little different is if the search text box keeps your search keywords in the box after clicking search then you have another chance to input html. Look the source and see how many quotes they use for the value of the textbox and then enter that and the closing bracket and voila! Once again you have html input.

So here is the example of the source before the input:

And after injecting in the text box with asdf“>insert html tags here

insert html tags here

In conclusion, you want to look for things that the programmer may have forgotten to secure such as a username availability page or what not.

This article is for educational purposes only. HBH and the author are not responsible for any actions learned through this article.

  • Chislam

Comments
Uber0n's avatar
Uber0n 18 years ago

This was a nice article ^^ specially liked the textbox thing (never thought of that one before) ;) Thanks!

ghost's avatar
ghost 18 years ago

I've used them before. :happy:

ghost's avatar
ghost 18 years ago

This was an ok Artical. Next time give a little more detail. Show examples.

ghost's avatar
ghost 18 years ago

I updated it with examples :D

thk-geo's avatar
thk-geo 18 years ago

What do you mean forgot? i use em all the time :P

ghost's avatar
ghost 18 years ago

well as in people forgetting i mean the people who coded the site and they forget about the little things that can actually hurt them.

ghost's avatar
ghost 18 years ago

Well the most common way to use them is with picture and event attach to it … [ img ]' onmousemove='window.history.go(-1)[ /img ]. This let you run javascript code easily and is harder to detect because you're not using any html tag. Also if you can add html tag like this its probably because you could already add them without any bbcode tag or something else.

ghost's avatar
ghost 18 years ago

well this article is stuff more related to breaking out of text boxes and what not.

ghost's avatar
ghost 17 years ago

A little short, but really helpful.

ghost's avatar
ghost 17 years ago

I dont really understand this example, the injection is made from the query string no? I don't see how the form is being changed…

Also Arto, the trouble with that is most forum software uses htmlentities and double quotes on the html attributes so you cant break out of an img tag attribute because if you use a " its replaced with the html quote entity. I'd really like to see some up to date attack methods