Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

XSS

By ghostghost | 7327 Reads |
0     0

Hey everyone.

I’m sure most people know what xss is. So, this article is meant for those that don’t.

I’ve known for a while what xss is. I’ve known what it was used for. But, I never really understood it. Anyway, xss, or cross site scripting, is used to steal cookies. Why steal cookies you ask. Simple really, cookies usually contain sensitive data, ex. usernames, passwords, personal info. And, sessions.

A session is exactly as it sounds. It’s a unique # the server uses to identify someone. When someone logs in, the server will generate a random # and save it as a cookie on that users comp. Then, when the user browses the site, rather than having to login again on each page, the server will look for the seesion #, and check to see who it matches. When that user logs out, the session is destroyed. So, if you could obtain that users session #, you could trick the server into thinking you were that person. However, if you try to use that users session # after he/she has logged out, it will be invalid.

So, lets see about the other stuff on cookies, say username and passwords. Most of the time the password will be encrypted. Mayby the username to. So, your first step is figuring out what type of encryption it uses. Some probable ones are: md5 sha1 base64 des It’s not too hard to tell these apart. MD5 has 32 chars, SHA1 has 40, and sometimes different lengths. I don’t know much about DES, except that I hate it. Base64 often ends with a “=”. And, it is the only one out of the four that is decryptable. The others you have to bruteforce, or dictionary attack. But, the good thing about them, they don’t expire unless the user changes his/her pass.

So, you know why you want cookies, now how do you get them? Well, as alot of people don’t know what cookies are, or what they do. You could probably just ask for them. If this doesn’t work, don’t give up hope, there are other ways. When you goto sites, you’ve probably seen search boxes, places to login, register an acct. ect. These are all possible targets.

To test them, you could try a few things. Such as

<script>alert("xss")</script>

You are trying to see if javascript is filtered, if you hit enter or w/e, and a msg box pops up, you know it is not. However, if nothing happens, don’t loose hope. They’ve filtered the most common way. This is usually expected. Hmm. What other ways are there? Mayby this will work..

<img src="x.gif" onerror="alert('xss')">

And there’s many more, I leave the task of finding ways of injecting js to you.

Now, if a msg box poped up, time to move on to the next step. How could we use this to get cookies? Well, usually, searches and other stuff, you GET, which means variables are passed in the url. So, if you look up at the url, you may see thing similiar to

http://site.com/index.php?query=this+is+my+search
http://site.com/index.php?a=register&type=free
http://site.com/index.php?a=view&page=register

So, if you see a site that has something like that, good. You can now start on your cookie stealer. I’m not going to show how to make a cookie stealer, it’s not hard to find out how to. Just do a quick search. Also, if you look at the third example, you may notice that it could be vulnerable to rfi, or remote file include.

Well, thats about all I can tell you. You just need to learn how to make a cookie logger. (It’ll probably at most, take an hour. But, more than likely, only a few minutes.) Also, the thing I never understood until recently, aren’t all sites vulnerable to xss. I mean, look what happens if you type this in the url bar of any site.

javascript:alert(document.cookie)

And there you go, you got your cookie for any site. No need in all that fancy xss stuff. Well, I’m sorry I was such a tard. Though that will show YOU your cookie, it wont show you anyone elses. Now, you could have someone type that in the url bar, except with code that send you their cookie. Except, theres no way for you to spread that. You need to be able to make it clickable. And unfortunately, that wont work. However, if you can get the website to proccess js for you, you can make that into a link.

I hope you guys like my article. Sorry if I didn’t cover or explain some things, but I myself am still a n00b in xss. Please leave me comments. :D

–Adlez

Comments
I-O-W-A's avatar
I-O-W-A 17 years ago

Nice Artical Adlez

ghost's avatar
ghost 17 years ago

Errmm… there are loads of articles on XSS, I fail to see how one more is a good thing

ghost's avatar
ghost 17 years ago

Yay adlez you finnally wrote one yesterday lol

ghost's avatar
ghost 17 years ago

I thought it was a good read.

ghost's avatar
ghost 17 years ago

I've learned more from this article. Good job…

ghost's avatar
ghost 17 years ago

:ninja::ninja::happy::@:|:o:(:|:|:wow::wow::wow::love::matey:

^ | thats my opinion of the article :P

ghost's avatar
ghost 17 years ago

I really liked that. Nice article, it was easy and gave a good example I may have to steal :D.

Uber0n's avatar
Uber0n 17 years ago

Easy to read and good basic info. Well done! :happy:

ghost's avatar
ghost 17 years ago

nicely done. well writen.

ghost's avatar
ghost 17 years ago

Thanks Everyone, glad you liked it. :D

ghost's avatar
ghost 17 years ago

Outstanding article, I am not the best at XSS, but now i have the best understanding that i ever had, 100%, great job, keep them comming!!

ghost's avatar
ghost 16 years ago

great article for beginners to start with. wel done!

kingasmk's avatar
kingasmk 13 years ago

Great article :D