XSS (Cross Site Scripting) Attack
Without going into the history of it, I would like to start with the topic right away.
So, what is a CSS or XSS attack?
Cross-site scripting is a kind of security vulnerability, mostly found in websites with dynamic content, in which an attacker injects a client-side script (typically JavaScript) into a web page that is then viewed by other users.
Now the question is: where do you insert such a script?
The answer is simple. It can be inserted anywhere a website accepts a value from the user, such as text boxes (search boxes, comment boxes, shoutboxes and so on). If the site puts that value back into the page, the page executes the injected code in the browser of whoever views it, and the site responds accordingly.
TYPES:
- Persistent:
In a persistent XSS attack, the injected script remains in the web page after you have left the page or site (mostly in the case of comment boxes).
- Non-persistent:
The script no longer exists on the web page after you have left that page.
- DOM-based:
When an attacker uses XSS to manipulate the DOM (Document Object Model) environment of a website.
- RedXSS:
An attack on pages using MyCode to hack the users of that page.
(Although persistent XSS is not much popular, if it is done successfully it can cause more harm than the other three, because the script remains on the web page, and when another user visits that page, his private information can be passed on to the hacker. I'll discuss it in more detail in my next tutorial, on the use of persistent XSS.)
Prerequisites:
- IP cloner software
- Web browser (I prefer Mozilla)
Now, all you need to do is open the target website, say www.target.com, and in its search box type the following code:
<script>alert("CHECK1XSS")</script> (code 1)
Or you can use the same code in the address bar, like this:
www.target.com/search.php?q=<script>alert("CHECK1XSS")</script>
This code will probably display a message box saying CHECK1XSS (without quotes). If so, the site is vulnerable to XSS; if not, the site is using some filter on the search box and rejects queries that include characters such as quotes.
What next? We are stuck in the middle!
Yeah, but not exactly. There are ways to bypass such filters.
In the above example, if we can somehow avoid the quotes, we can get through. The problem is that a string value can normally only be written inside quotes. In this case, we can use the String.fromCharCode() function, as shown below:
<script>alert(String.fromCharCode(67,72,69,67,75,49,88,83,83))</script>
This code does the same thing as code 1. What we have done here is convert the whole string to ASCII codes: 67,72,69,67,75,49,88,83,83 are the ASCII codes for C,H,E,C,K,1,X,S,S respectively.
The code above is JavaScript, which is case sensitive. Hence, use the code exactly as shown in the example, or it won't execute.
What the code does is take the ASCII values of the characters of the string CHECK1XSS and rebuild them as a string at run time, so the quote characters never appear in the query that is sent to the server.
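The following is an added example and is not code from the original post. It simulates, in plain JavaScript, the two kinds of page discussed above: a comment board (the persistent case from the types list) and a search.php?q= page (the non-persistent case), and runs the tutorial's two payloads against two controls: the "reject quotes" filter the text describes, and HTML output encoding. It shows why the String.fromCharCode() variant walks straight past a quote blocklist, and why encoding the value for the context it is inserted into stops both payloads, whether reflected or stored. All function names, the CommentBoard class and the sample requests are constructed for this illustration and are assumptions, not a real site's code.

```javascript
// Added example, not code from the original post. Names, the CommentBoard class
// and the sample requests below are constructed for this illustration.

// The two payloads from the tutorial ("code 1" and the fromCharCode variant).
const PAYLOAD_QUOTED = '<script>alert("CHECK1XSS")</script>';
const PAYLOAD_CHARCODE =
  "<script>alert(String.fromCharCode(67,72,69,67,75,49,88,83,83))</script>";

// Weak control: reject a value if it contains a single or double quote.
// Returns null for "rejected", otherwise the value unchanged.
function quoteBlocklist(value) {
  return /["']/.test(value) ? null : value;
}

// Correct control: encode for the HTML text context the value is inserted into.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Crude stand-in for "a browser would run this": is there a live <script> tag?
function containsScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Reflected (non-persistent) case: the search term is echoed into the results page.
function searchPage(q, guard) {
  const safe = guard(q);
  if (safe === null) return "<p>Query rejected.</p>";
  return `<h1>Results for ${safe}</h1><p>No results.</p>`;
}

// Stored (persistent) case: comments are saved once and rendered for every later visitor.
class CommentBoard {
  constructor(guard) {
    this.guard = guard;
    this.comments = [];
  }
  post(author, body) {
    this.comments.push({ author, body }); // raw text is stored as submitted
  }
  render() {
    const items = this.comments
      .map((c) => `<li><b>${this.guard(c.author) ?? ""}</b>: ${this.guard(c.body) ?? "[removed]"}</li>`)
      .join("");
    return `<ul>${items}</ul>`;
  }
}

// Confirms the fromCharCode argument spells the same text as code 1, with no quotes.
function decodeCharCodes(payload) {
  const m = payload.match(/String\.fromCharCode\(([\d,]+)\)/);
  return m ? String.fromCharCode(...m[1].split(",").map(Number)) : null;
}

// Run both pages under one control and report whether each payload survives.
function evaluate(guard) {
  const board = new CommentBoard(guard);
  board.post("mallory", PAYLOAD_CHARCODE); // one poisoned comment ...
  board.post("alice", "Nice article!");
  const firstVisit = board.render();
  const secondVisit = board.render();      // ... served to every later visitor
  return {
    reflectedQuoted: containsScriptTag(searchPage(PAYLOAD_QUOTED, guard)),
    reflectedCharCode: containsScriptTag(searchPage(PAYLOAD_CHARCODE, guard)),
    storedCharCode: containsScriptTag(secondVisit),
    storedPersists: firstVisit === secondVisit,
  };
}

console.log("decoded:", decodeCharCodes(PAYLOAD_CHARCODE)); // CHECK1XSS
console.log("quote blocklist:", evaluate(quoteBlocklist));
// reflectedQuoted: false, reflectedCharCode: true, storedCharCode: true, storedPersists: true
console.log("html encode:", evaluate(htmlEncode));
// reflectedQuoted: false, reflectedCharCode: false, storedCharCode: false, storedPersists: true
```

The blocklist result is the point of the fromCharCode section seen from the defender's side: the filter only removes one spelling of the payload, so the fix is not a longer list of forbidden characters but encoding the value for the context it lands in (here, HTML text). The stored case also shows why the types list ranks persistent XSS as the more harmful one: the comment is rendered identically on every later visit, so one submission reaches every reader until it is encoded on output or removed.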
Okay, enough for now :)
In my next tutorial, I'll be posting on advanced XSS.
Stay tuned...