-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Offensive XSS 101
IMC
GrahamPhisher.com
IMC Security Team
InsaneMasterminds.com
GPCO@Ymail.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Introduction - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Cross-site scripting, better known as XSS, is one of the most common vulnerabilities found in websites. XSS lets an attacker inject content into a vulnerable site so that it is served to, and runs in the browsers of, that site's visitors. The injected content is usually JavaScript (for redirecting visitors elsewhere, or for capturing the login details of everyone who logs in, a popular method today because the attacker gets the passwords in plaintext and never has to crack a hash) or plain HTML (usually just used for defacement).

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Finding Vulns - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Now we get on to finding XSS vulnerabilities in websites. A warning first: don't go doing this on some super duper haxor site, you'll look like a clown and will probably be offline for the weekend. The first place to look for holes is usually the site's search box, shout-box, bulletin boards, and basically anywhere you are able to post content. Enter a harmless HTML tag (something like <b>test</b>, or a made-up tag) and see whether the page renders it as markup or shows it back as literal text. If the tag is rendered, you've found a hole: the site puts your input into the page without encoding it.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Modifying Posts - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Modifying post parameters is another way of finding XSS vulns, because some web developers only filter the fields a user is expected to type into and forget the ones the form fills in for them: the date of the post, the author's name, and whatever else gets sent along when you submit content. Anything the browser sends can be changed before it reaches the server, so every parameter is a candidate.
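Here is how that probing looks when done by hand, as an added example that is not part of the original tutorial. The script (Node.js) puts a distinct, recognisable probe into every form parameter, including the ones a form normally fills in for you, and then classifies how the page that displays the post echoed each one. The field names, the sample form handler and the sample response are all constructed for this demonstration; against a real target you would POST the body and feed back the page you get.

```javascript
// Added example, not code from the original tutorial. Probes every form
// parameter, including the ones the form fills in for you, and classifies
// how the page echoed each probe. The field names, the sample form handler
// and the sample response below are constructed for this demonstration.

// A tag name nothing real uses, so finding it in the response can only mean
// it came from us. One probe per field tells us which field is reflected.
function makeProbe(field) {
  return `<xss${field}>`; // e.g. <xssauthor>
}

// Build the x-www-form-urlencoded body you would send to the post handler.
// Doing this yourself (or in an intercepting proxy such as Tamper Data)
// lets you put a probe into "author" and "date" as well as "message".
function buildProbeBody(fields) {
  const params = new URLSearchParams();
  for (const name of fields) params.set(name, makeProbe(name));
  return params.toString();
}

// Classify how the page that displays the post echoed each probe:
//   "raw"      - the tag came back intact, the page renders our HTML: a hole
//   "encoded"  - < and > came back as &lt; and &gt;: this field is safe
//   "stripped" - filtered out or not displayed at all
function classifyReflection(responseHtml, fields) {
  const results = {};
  for (const name of fields) {
    const probe = makeProbe(name);
    const encoded = probe.replace(/</g, "&lt;").replace(/>/g, "&gt;");
    if (responseHtml.includes(probe)) results[name] = "raw";
    else if (responseHtml.includes(encoded)) results[name] = "encoded";
    else results[name] = "stripped";
  }
  return results;
}

const FIELDS = ["subject", "message", "author", "date"];

// Constructed response: the developer encodes the subject and message the
// user types, but drops the author name straight into the page and
// replaces the submitted date with a server-generated one.
const SAMPLE_RESPONSE = `
<div class="post">
  <span class="author"><xssauthor></span>
  <span class="date">2009-01-01</span>
  <h3>&lt;xsssubject&gt;</h3>
  <p>&lt;xssmessage&gt;</p>
</div>`;

// In a real test, POST buildProbeBody(FIELDS) to the form handler, fetch the
// page that shows the new post, and pass that HTML in instead.
function probeSampleSite() {
  return classifyReflection(SAMPLE_RESPONSE, FIELDS);
}

console.log(buildProbeBody(FIELDS));
console.log(probeSampleSite());
// { subject: 'encoded', message: 'encoded', author: 'raw', date: 'stripped' }
```

Run it with node. The "raw" result on author is the finding: that field goes into the page unencoded even though the visible message body is handled correctly. Two things to keep in mind when you do this for real: check the page that displays the stored post, not just the response to the POST, and remember that a raw reflection inside an attribute value or an HTML comment still needs a payload that first closes that context.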
A cool tool you can use for this is Tamper Data, an add-on for Firefox. Basically all you do is open Tamper Data after adding it to Firefox and press Start Tamper; when you submit a post it lets you edit the request parameters before they are sent, so you can put test strings into fields the form never shows you.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Sometimes you don't even have to look for cross-site scripting vulnerabilities yourself. Popular web portals such as Packet Storm carry papers and advisories describing already discovered vulns in popular web applications, which may include the one running on the site you are looking at.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Breaking Filters - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Some web developers are smart enough to add filters that strip tags or keywords associated with XSS. You can usually get around these in a few ways: by closing whatever tag or attribute your input lands inside of (the "end tag" trick) so the rest of your input becomes new markup; by encoding the characters the filter is looking for (HTML decimal or hex entities, URL encoding, and in some contexts Base64 inside a data: URL), which the browser decodes but a naive filter does not; and, when developers only block JavaScript keywords and not HTML, by putting JavaScript inside an HTML tag, for example in an onload or onerror event handler attribute.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
JS&HTML - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

If you have no idea about JavaScript or HTML, you can use Google: search for XSS cheat sheets and you will find plenty of tricks you can try on a target. W3Schools.com is a great place to learn JavaScript and HTML. Another question that came to me was whether you can use CSS in cross-site scripting to change the background image and such. Yes: inject a <style> block, or a style attribute on a tag you control. Browsers apply a <style> element even when it ends up in the body rather than the head, so you don't need to reach the head tags to do it.
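To make concrete why the filters described in Breaking Filters fail, here is an added example that is not part of the original tutorial. It pairs a hypothetical blacklist filter of the kind many home-grown sites used (it strips <script> blocks and the word "javascript") with three payloads from that section that slip past it, one per trick, and with the output-encoding approach that actually holds. The filter, the two page renderers, the payloads and the simplified "would this run" check are all constructed for this demonstration.

```javascript
// Added example, not code from the original tutorial. A hypothetical
// blacklist filter of the kind many home-grown sites used, three payloads
// that walk straight through it, and the output-encoding fix that holds.
// The filter, the renderers and the payloads are constructed for this demo.

// "Smart" filter: strips <script>...</script> blocks and the word
// javascript, case-insensitively, and nothing else.
function naiveFilter(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/javascript/gi, "");
}

// The fix: don't try to recognise attacks. Encode every character that has
// meaning in HTML so the browser can only ever treat the input as text.
function htmlEncode(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Two places user input commonly lands: in the page body, and inside a
// quoted attribute such as a form field pre-filled with the user's text.
function renderBody(userInput, sanitize) {
  return `<p class="post">${sanitize(userInput)}</p>`;
}
function renderAttribute(userInput, sanitize) {
  return `<input type="text" value="${sanitize(userInput)}">`;
}

const PAYLOADS = {
  // JavaScript inside an HTML tag: no <script>, no "javascript" keyword.
  eventHandler: "<img src=x onerror=alert(document.cookie)>",
  // Character encoding: the browser decodes &#115; to "s" inside the href
  // before applying the javascript: scheme; the filter never sees the word.
  entityEncodedScheme: '<a href="java&#115;cript:alert(1)">click</a>',
  // End tag / attribute breakout: the leading "> closes value="..." first.
  attributeBreakout: '"><svg onload=alert(1)>',
};

// Simplified stand-in for "would a browser run this?": a tag carrying an
// on*= attribute outside any quoted value, or a javascript: URL.
function looksExecutable(html) {
  // Blank quoted attribute values so on* inside value="..." doesn't count.
  const unquoted = html.replace(/"[^"]*"/g, '""');
  const hasHandler = /<[a-z][^>]*\son[a-z]+\s*=/i.test(unquoted);
  // Mimic the browser decoding the one numeric entity the payload uses.
  const hasScheme = /javascript:/i.test(html.replace(/&#115;/g, "s"));
  return hasHandler || hasScheme;
}

// Run each payload through its context with the given sanitizer and report
// whether the result is still executable.
function evaluate(sanitize) {
  return {
    eventHandler: looksExecutable(renderBody(PAYLOADS.eventHandler, sanitize)),
    entityEncodedScheme: looksExecutable(renderBody(PAYLOADS.entityEncodedScheme, sanitize)),
    attributeBreakout: looksExecutable(renderAttribute(PAYLOADS.attributeBreakout, sanitize)),
  };
}

console.log("naiveFilter:", evaluate(naiveFilter)); // every payload: true
console.log("htmlEncode: ", evaluate(htmlEncode));  // every payload: false
```

The point of the comparison is that the filter is not wrong about what it removes; it is wrong in strategy, because the browser has more ways to reach script execution than any list can enumerate. htmlEncode works because it reasons about the output context instead of the attacker's input. That also marks its limit: it is the right encoder for HTML text and quoted attribute values only, and input that lands inside a JavaScript string, a URL or a CSS block needs the encoder for that context.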
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The End - Offensive XSS 101
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Anyway, that's Offensive XSS 101. Just a note I like to leave to everyone: knowing this does not make you a "hacker" or "cracker". "Being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer," says Eric Raymond.

-GrahamPhisher