XSS Me
Hey there, I am booted in Backtrack 3, awesome for you non-users. Well, I just used XSS Me on a target and out of 324 tests 323 passed and 1 returned a warning. This is the warning:
* VTI-GROUP: 0
  Result Details:
    o Test had Warnings
    o The attack string was found in the html of the document
    o Test value: ¼script¾document.vulnerable=true;¼/script¾
I am not an XSS expert at all. This is confusing to me; would someone please explain it more in depth?
chronicburst wrote: Hey there, I am booted in Backtrack 3, awesome for you non-users. Well, I just used XSS Me on a target… I am not an XSS expert at all. This is confusing to me…
Tools are meant to expedite the discovery of vulnerabilities by those that are knowledgeable enough to find them on their own. Without a basic knowledge of XSS, you cannot expect to exploit it.
You must use it to know how to EXPLOIT IT!
So, close out of Backtrack, open up your Windows machine, Google "XSS", read something that looks educational, test in a VM to gain technique… then, come back to it when you know at least enough of what you're doing to actually do it.
I don't get what you're asking.
It says what it has done (put a script box in a field and get a response). Put a javascript alert box in that field and you will get a popup box; put other scripts in and get other things happening. http://www.w3schools.com/JS/default.asp
javascript: alert("test")
Now I am sort of confused by this. And I do not know if this has to do with XSS or not, but correct me if I am wrong. This means I am injecting javascript and when it successfully outputs "test" the javascript is fully executed on the remote server… So would this not be a hole? I can't see how it wouldn't be a hole. It seems it must be. XSS or not. Well, not XSS because that's cross-site; could I bring that into the picture via a method of javascript injection? I am so confused by all of this. I can't find an example of what an XSS hole would look like.
chronicburst wrote: javascript: alert("test")
Now I am sort of confused by this. And I do not know if this has to do with XSS or not, but correct me if I am wrong. This means I am injecting javascript and when it successfully outputs "test" the javascript is fully executed on the remote server… So would this not be a hole? I can't see how it wouldn't be a hole. It seems it must be. XSS or not. Well, not XSS because that's cross-site; could I bring that into the picture via a method of javascript injection? I am so confused by all of this. I can't find an example of what an XSS hole would look like.
OK, if you put this in the URL bar (javascript:alert(/xss/);), it will be executed by the browser, not by the server. I'd say the most common XSS is in the search query, such as http://24hourhiphop.com/search.php?query=aa%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E&Submit=Search. If you then check the source, you will see that all you type in the query is displayed on the server, therefore executed… Usually you will be using "><script>alert(/something/)</script> (again, I'd say the most common string used). First off you close any tag in which the query text might have been included, and then you just input your script/html/whatever you want. However, this type of XSS is only usable to steal cookies, as it's not constantly displayed by the server (as e.g. on a guestbook). But XSS is not bound just to this example; you will find XSS in many more places, within POST and GET requests etc.
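Added example, not code from the thread, from XSS Me or from any of the sites mentioned: a Python sketch of the search-page reflection the reply above describes, also covering the "attack string was found in the html of the document" warning from the first post. It echoes a query into a constructed template, once verbatim and once HTML-escaped, then checks both responses the way a scanner does (is the attack string present in the HTML?) and closer to the way a browser does (does parsing the page produce a real script element?). The template, the function names and the way the probe string is used are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed template: a search page that reflects the query into an
# attribute and into the results heading, like the search.php pattern above.
TEMPLATE = ('<form><input name="query" value="{q}"></form>\n'
            '<p>Results for: {q}</p>')

# The close-the-tag-then-inject string quoted in the reply above.
PROBE = '"><script>alert(/xss/)</script>'


def render_vulnerable(query: str) -> str:
    """Reflects the query verbatim. The leading '">' terminates the value
    attribute and the input tag, so the rest of the query is parsed as markup."""
    return TEMPLATE.format(q=query)


def render_safe(query: str) -> str:
    """Escapes & < > " ' before the query enters the template, so the browser
    treats the probe as text inside the attribute and inside the paragraph."""
    return TEMPLATE.format(q=html.escape(query, quote=True))


def attack_string_reflected(page: str, probe: str) -> bool:
    """What a scanner warning boils down to: the raw attack string occurs
    byte-for-byte somewhere in the response HTML."""
    return probe in page


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser encounters."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def script_element_present(page: str) -> bool:
    """Closer to the browser's verdict: does parsing the page yield a real
    <script> element? A string match says 'maybe'; this says 'yes'."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return "script" in collector.tags


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("escaped", render_safe)):
        page = render(PROBE)
        print(f"{name}: reflected={attack_string_reflected(page, PROBE)} "
              f"script_element={script_element_present(page)}")
```

The two checks are deliberately separate: a scanner can only report that the string came back unencoded (the warning in the first post), while whether that string actually becomes executable markup depends on where in the page it lands, which the parser-based check approximates. Escaping on output, as render_safe does, makes both checks come back negative for the same query.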
Well, what do you know, I found a search bar on the server: /search_site/search.htm. This is what I am going to start with. Now I will need to see if the search is running via an external site? Haha, and of course it is. Powered by: http://www.atomz.com/