XSS Attack: Finding Simple XSS Vulnerability

After reading "a lot of" tutorial requests from you :-P, I will pick the topic XSS Attack: finding a simple XSS vulnerability. For those of you who already live in web programming (client- or server-side scripting), it may not be hard to find web application bugs that lead to an XSS attack. But anyhow, because my slogan is "from zero to hero" 🙂, I will start with the basics and then move on to the advanced part; that's why I divided this tutorial into 2 parts.

This tutorial will cover finding the vulnerable website, setting up the exploit server, creating bait for the victim, and exploiting them.

Firstly, as usual, we need to know the basics of our topic today: what is XSS, or Cross Site Scripting? According to Wikipedia:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

When I browse and read from one forum or blog to another about XSS, there are many people asking "is XSS dangerous?" and the funny thing is that someone still says "no, it's not dangerous" -_- . The name already contains the word "vulnerability", which means vulnerable, or I can say it's unsafe.

XSS itself is divided into 2 types: persistent XSS and non-persistent XSS. Persistent XSS will harm the web server and also harm the users who visit the website, while non-persistent XSS only affects the users… if the attacker is smart enough, even the admin can fall into the non-persistent trap 🙂

I hope that simple explanation makes XSS clear for you….

Step by step finding simple XSS vulnerability:

1. Since XSS is a web application vulnerability, we will find vulnerable websites with the help of a Google dork. I will pick the simplest one, a search feature on a website 🙂 .

inurl:.com/search.asp

[Image: Find and Exploit XSS Vulnerability]

As you can see in the result, there are 144 million websites with the TLD .com and the page search.asp; you can adjust the Google dork to suit your search result.

2. I got several websites with an XSS vulnerability after doing manual checking of the Google search results. If you don't know how to do simple XSS checking, you can view the Basic Hacking via Cross Site Scripting tutorial.

[Image: Find and Exploit XSS Vulnerability]

or this website

[Image: Find and Exploit XSS Vulnerability]

3. After we get the XSS vulnerable website, what is the next step?

The websites found in step 2 have a non-persistent XSS vulnerability, where the vulnerability does not affect the web server directly but can affect the visitors who open the malicious link.

4. The scenario will be like this.

[Image: Find and Exploit XSS Vulnerability]

The attacker has already done steps one and two; next he will send the malicious link to the victim (in this scenario, the website administrator). While the website administrator is logged in to the XSS vulnerable website he administers, the attacker can steal the cookie and act as the administrator.
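As an added example (not the tutorial's own code), here is a minimal Python model of the search page that steps 1 to 4 rely on: the handler that echoes the query into the HTML unescaped, the hardened handler that HTML-encodes it, a check a defender can run on a response, and the session cookie flag that blunts the cookie-theft step. The URL, the parameter name `q` and the session value are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample link, modelled on the "search.asp" pages the tutorial finds
# with its Google dork. The parameter name q is an assumption; the value is the
# classic reflection test string, percent-encoded as it would travel in a link.
SAMPLE_URL = "http://example.com/search.asp?q=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E"


def query_from_url(url: str) -> str:
    """Extract and decode the q parameter the way a server-side handler would."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_search_vulnerable(query: str) -> str:
    """Non-persistent (reflected) XSS: the query is copied into the page verbatim,
    so whatever markup the visitor's link carries runs in the visitor's browser."""
    return f"<h2>Results for: {query}</h2>"


def render_search_fixed(query: str) -> str:
    """Hardened form: HTML-encode the untrusted value before placing it in the page.
    The browser then displays the text instead of interpreting it as markup."""
    return f"<h2>Results for: {html.escape(query, quote=True)}</h2>"


def reflects_markup_unescaped(page_html: str, query: str) -> bool:
    """Defender-side check for a response: True when the query contains
    HTML-significant characters and the page echoes it byte-for-byte,
    i.e. no output encoding was applied."""
    has_markup_chars = any(c in query for c in "<>\"'&")
    return has_markup_chars and query in page_html


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the admin session. HttpOnly keeps document.cookie
    from reading it, which breaks the cookie-theft step in the scenario above;
    Secure and SameSite further limit what a malicious link can do with it."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    print("vulnerable:", render_search_vulnerable(q))
    print("fixed:     ", render_search_fixed(q))
    print("unescaped reflection:", reflects_markup_unescaped(render_search_vulnerable(q), q))
    print(session_cookie_header("constructed-session-id"))
```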

For the next part, the step-by-step guide on how to create the malicious link and how to steal the administrator cookie, I will continue in the upcoming tutorial about XSS attack: Hacking and Exploit XSS Vulnerability. Keep updated with .

Blogger at hacking-tutorial.com. Loves PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Website: http://www.vishnuvalentino.com

  • davee

    alert(‘OMG. There is a possibility.’);

    • Glutius

      alert(‘OMG IT DOESN’T!’)

  • davee

    but here we can put script code??? how

  • lol

    alert(‘lol’)

  • lol

    alert(‘LOL’);

  • lol

    <script

  • lol

    <scriptalert(‘lol’);

  • lol

    ass

  • lol

    alert(‘lol’);

    ass

  • lol

    lol

  • lol

    alert(‘lol’);lol

  • lol

    alert(‘lol’);lool

  • lol

    “alert(‘lol’);lol

  • lol

    “alert(‘lol’);
    llol

  • lol

    “alert(‘lol’);lol

  • lol

    “alert(‘lol’)lol

  • lol

    “alert(‘lol’)loll

  • fdsaf

    alert(‘lol’)

  • haxxx

    alert(“Hello World”);

  • haxxx

    javascript:alert(“Hello World”);

  • 1

    alert(“Hello World”);