After reading "a lot of" tutorial requests from you :-P, I picked the topic of XSS attacks: finding a simple XSS vulnerability. For those of you who already live in web programming (client- or server-side scripting) it is probably not hard to find a web application bug that leads to XSS. But because my slogan is "from zero to hero" 🙂 I will start with the basics and then move on to the advanced part, which is why this tutorial is divided into 2 parts.
This tutorial covers finding a vulnerable website, setting up the exploit server, creating the bait for the victim, and exploiting them.
Firstly, as usual we need to know the basic of our topic today, what is XSS or Cross Site Scripting. According to Wikipedia:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
When I browse from one forum or blog to another about XSS, many people ask "is XSS dangerous?" and the funny thing is that someone still answers "no, it's not dangerous" -_- . The injected script runs inside the victim's browser with the origin of the vulnerable site, so it can read that site's cookies (unless they are marked HttpOnly), read and change the page, and send requests as the logged-in user. That is why it is a vulnerability, and that is why it is unsafe.
XSS itself is divided into 2 kinds: persistent (stored) XSS and non-persistent (reflected) XSS. With persistent XSS the payload is saved by the application (a comment, a profile field, a forum post) and served to every user who visits that page, so no bait link is needed. With non-persistent XSS the payload travels in the request and is echoed straight back in the response, so it only affects the users who open the crafted link... and if the attacker is smart enough, even the admin can fall into the non-persistent trap 🙂
I hope that simple explanation makes you clear about XSS….
1. Since XSS is a web application vulnerability, we will find vulnerable websites with the help of a Google dork. I will pick the simplest target, a search feature on a website 🙂 (for example a dork like inurl:search.asp site:com).
As you can see, the result is about 144 million websites with the TLD .com and a search.asp page; you can adjust the Google dork to narrow the results.
2. After manually checking the websites from the Google search result, I found several with an XSS vulnerability. If you don't know how to do a simple XSS check, you can read the Basic Hacking via Cross Site Scripting tutorial.
3. After we have found the XSS vulnerable website, what is the next step?
The websites found in step 2 have non-persistent (reflected) XSS: the vulnerability does not change anything stored on the web server, but it affects every visitor who opens the malicious link.
4. The scenario goes like this.
The attacker has already done steps one and two; next he sends the malicious link to the victim (in this scenario the website administrator). If the administrator opens the link while he is logged in to the XSS vulnerable website he administers, the injected script runs in his session and can send his session cookie to the attacker, who can then act as administrator (as long as the cookie is not HttpOnly and the session is not bound to anything else).
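To make the manual check from step 2 concrete, here is an added example that is not part of the original tutorial: a small Python checker that builds the test URL for a search page, classifies how a response echoes a harmless probe string (raw markup, HTML-encoded, or not at all), and shows the unsafe and safe way of rendering the search term on the server side. The parameter name q, the example.com URL and the two sample response pages are assumptions constructed for the example, not real targets.

```python
import html
import urllib.parse
import urllib.request

# Probe string used for the manual check. It is harmless (no script), unlikely
# to appear in a normal page, and contains exactly the characters (< > ") that
# an output-encoding filter would have to encode.
PROBE = '<xsstest "1">'


def build_test_url(base_url, param, probe=PROBE):
    """Return the URL a tester opens, e.g. http://host/search.asp?q=<probe>."""
    return f"{base_url}?{urllib.parse.urlencode({param: probe})}"


def classify_reflection(body, probe=PROBE):
    """Classify how a response body echoes the probe.

    'reflected-raw'     : probe appears verbatim, markup intact  -> XSS candidate
    'reflected-escaped' : probe appears only HTML-encoded        -> filter in place
    'not-reflected'     : probe does not appear in the page at all
    """
    if probe in body:
        return "reflected-raw"
    encoded_forms = (html.escape(probe, quote=True), html.escape(probe, quote=False))
    if any(form in body for form in encoded_forms):
        return "reflected-escaped"
    return "not-reflected"


def check_live(base_url, param, timeout=10):
    """Fetch the real page and classify it. Only run this against a site you
    are authorised to test; the rest of the example works offline."""
    url = build_test_url(base_url, param)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")
    return url, classify_reflection(body)


# Server side, for comparison: how a search page becomes vulnerable and how it
# is fixed. Both functions are illustrative, not code from any real site.
def render_results_unsafe(query):
    """The bug: the search term is concatenated into the HTML as-is."""
    return "<html><body><h1>Results for: " + query + "</h1><p>No results found.</p></body></html>"


def render_results_safe(query):
    """The fix: HTML-encode the term (quote=True also covers attribute values)."""
    return ("<html><body><h1>Results for: " + html.escape(query, quote=True)
            + "</h1><p>No results found.</p></body></html>")


# Constructed sample responses standing in for what the two kinds of site return.
VULNERABLE_PAGE = render_results_unsafe(PROBE)
ESCAPED_PAGE = render_results_safe(PROBE)

if __name__ == "__main__":
    print(build_test_url("http://example.com/search.asp", "q"))
    print("vulnerable site:", classify_reflection(VULNERABLE_PAGE))
    print("filtered site:  ", classify_reflection(ESCAPED_PAGE))
```

A result of reflected-raw only means the markup survived; before calling it exploitable, look at where in the HTML the probe landed (inside a tag, an attribute, a textarea or a comment each needs a different payload), which is exactly the context you will need for the next part of the tutorial.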
The next steps, how to create the malicious link step by step and how to steal the administrator's cookie, I will continue in the upcoming tutorial about the XSS attack, Hacking and Exploiting an XSS Vulnerability. Keep updated with .