Cross-site scripting (XSS) is a type of website security vulnerability typically found in web applications that enables client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Types of XSS vulnerabilities:
1.Persistent
2.Non persistent
In this post, i'll explain about the non persistent vulnerability. On Persistent i'll write later.
Non persistent XSS vulnerability is the Most Common Type of XSS Flaw. It is a Server Side Vulnerability
When a Web Server takes any input from a User and returns the same back to the User without any Validation, This leads to a Non-Persistent XSS Vulnerability.
Attacker can do with XSS:
XSS Attacks be used for the following:
•Compromising and Hijacking Accounts
•Stealing User Cookies
•Defacing Websites
•Phishing Attacks
•Posting Hostile Content
Instructions:
Step 1: First of all find the vulnerablitiy using google dorks. You can find dorks online.
Most commonly used dorks are as follow:
inurl:com_feedpostold/feedpost.php?url=
inurl:/products/orkutclone/scrapbook.php?id=
inurl:/products/classified/headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=Search&k=
Step 2: Choose a target website.
Step 3: Attack..:D
Find out the vulnerability:
1)Find a textbox in the site or something where you can submit text.
2)Type in the following and hit Submit Query button.
<script>alert("learn-ethical-hacking.com");</script>
3)If it'll be vulnerable it should look like as follow.
By Rahul Developers
Please share
What to do after i find a website vulnerable??
ReplyDeleteXss Attack Using Dorks >>>>> Download Now
ReplyDelete>>>>> Download Full
Xss Attack Using Dorks >>>>> Download LINK
>>>>> Download Now
Xss Attack Using Dorks >>>>> Download Full
>>>>> Download LINK Fi