[XSS Basic Tutorial ]Okay, in this tutorial We aim to give you a very basic understanding of cross-site scripting, also known on XSS. We advise you do this on Mozillas Firefox web browser or Google Chrome, as newer versions of Internet Explorer edit the site to prevent XSS.Finding your target.Obviously, before you can hack a site, you need to find a site vulnerable to what you want to do, in this case, XSS. We can do this using a search engine. I recommend Google What we want to search is A Vulnerable XSS Site By Using The Dork Below:inurl:guestbookhtml enabledWhat you should see as a list of results is many websites containingguestbooks. A guestbook is a page of website, where users may leave comments, it is recommendedthe guestbook you choose doesnt send posts for moderation before they are publicly shown.Is my target vulnerable?To find this out, we need to do a small XSS test. Doing this is simple.Go into the guestbook and add a post. In the comment/content/post box, send the following line of code.Quote: >alert(VulnerabilityTest)If the site is vulnerable, a popup window saying Vulnerability Test will appear.Injecting HTML.Now we want to take advantage of the XSS vulnerability. Type in the following:Quote: >alert(I have hacked your site)(Message to the viewer)[Any other HTML code you would like to add]You can put as much HTML as you want in it, and if you have a good understanding of HTML, you can edit the page itself, but I wont go into that, as this is just a basic XSS Tutorial.I hope you understood and learned something from Our tutorial. Any questions? Comment Below!
Posted on: Sat, 19 Oct 2013 11:51:42 +0000
Trending Topics
Recently Viewed Topics
© 2015