XSS Cross Site Scripting BY:- KINISH KUMAR(www.kinishcybersec.blogspot.in) https://www.facebook.com/kinishkumar

Cross site scripting

Dec 02, 2014


kinish kumar

The basics of XSS, explained simply so that everyone can understand, with demos.
Page 1: Cross site scripting


Page 2: Cross site scripting

Cross Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications (and reaching web browsers through breaches of browser security) that enables attackers to inject client-side script into web pages viewed by other users. XSS is mostly possible on dynamic websites where user input is required.

There are three types of XSS:-

1. Persistent (stored) XSS: the attack is stored on the website's server.

2. Non-persistent (reflected) XSS: the user has to go through a special link to be exposed.

3. DOM-based XSS: the problem exists within the client-side scripts.

Page 3: Cross site scripting

Persistent (stored) XSS

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross site scripting flaw; it occurs when the data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to users in the course of regular browsing, without proper HTML escaping.

Simply put, persistent XSS occurs when the developer stores user input in a database server, or simply writes it to a file, without proper filtering, and then sends it back to the client browser.

Page 4: Cross site scripting

[Figure: stored XSS flow. ATTACKER submits <html><script> into a vulnerable app (forum, blog, search etc.); the input is saved in the DATA BASE SERVER and later served to the VICTIM's browser, where the <script> runs.]

Page 5: Cross site scripting

This figure shows how an attacker executes a malicious script. First the attacker inputs HTML or JavaScript in a search, forum or blog field; because there is no input filtering, the script is saved on the server. Later, when some other user opens this forum or page, the malicious script is executed in the victim's (client's) browser.

Some example scripts:-

<script>alert("Hello World");</script>

This script pops up a box containing the message Hello World.

<script>alert(document.cookie);</script>

This script shows the cookies of the current page.

Page 6: Cross site scripting

To practise cross site scripting for learning purposes you can set up your own server with a vulnerable application.

You can use the XAMPP server and the DVWA application for this purpose; you can download them from:-

http://www.apachefriends.org/en/xampp-windows.html

http://sourceforge.net/projects/dvwa/

I log in to my DVWA (Damn Vulnerable Web Application); the default username is "admin" and the password is "password", without quotation marks.

Page 7: Cross site scripting
Page 8: Cross site scripting

When I input a plain text message nothing special happens; it shows my message in the box. Let's try a script in this message box.

Page 9: Cross site scripting

This time I write "stored xss" in the name field and <script>alert("hello you are hacked");</script> in the message field. When I submit the guestbook entry it pops up the message, and every time any other user opens the guestbook page they get the same message, because the input is stored in the server's database.

Page 10: Cross site scripting

Non Persistent or Reflected XSS

The non-persistent (or reflected) cross site scripting vulnerability is by far the most common type. These holes show up when data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to generate a page of results for that user, without sanitizing the request.
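Both the stored guestbook case above and the reflected case just described have the same root cause: untrusted input is concatenated into HTML without output encoding. The following Node.js example is added here and is not code from the original slides or from DVWA; it models a guestbook and a search page with an in-memory array standing in for the database, and shows the vulnerable rendering beside the fixed one. The function names, the `q`/`name`/`message` parameters and the sample payload are assumptions chosen for the demo.

```javascript
// Added example (not from the original slides or DVWA): stored and reflected
// XSS share one root cause, untrusted input concatenated into HTML. Output
// encoding at render time is what neutralises it in both cases.

// Encode the five characters that matter in an HTML text/attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// In-memory stand-in for the "DATA BASE SERVER" in the diagram.
const guestbook = [];

function postToGuestbook(name, message) {
  // Stored as-is: storage is not where the bug is, rendering is.
  guestbook.push({ name, message });
}

// Vulnerable rendering: raw concatenation, like the DVWA guestbook demo.
function renderGuestbookUnsafe() {
  return guestbook
    .map((e) => `<p><b>${e.name}</b>: ${e.message}</p>`)
    .join("\n");
}

// Fixed rendering: every untrusted value is encoded for the HTML context.
function renderGuestbookSafe() {
  return guestbook
    .map((e) => `<p><b>${escapeHtml(e.name)}</b>: ${escapeHtml(e.message)}</p>`)
    .join("\n");
}

// Reflected variant: a search term echoed straight from the query string.
function renderSearchUnsafe(queryString) {
  const term = new URLSearchParams(queryString).get("q") ?? "";
  return `<h2>Results for ${term}</h2>`;
}

function renderSearchSafe(queryString) {
  const term = new URLSearchParams(queryString).get("q") ?? "";
  return `<h2>Results for ${escapeHtml(term)}</h2>`;
}

// Crude review check over rendered output: did a script tag survive as live
// markup? (Constructed heuristic for the demo, not a full HTML parser.)
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the payload quoted in the slides.
const payload = '<script>alert("Hello World");</script>';
postToGuestbook("stored xss", payload);

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderGuestbookUnsafe()); // script tag intact: executes in a browser
  console.log(renderGuestbookSafe());   // &lt;script&gt;...: shown as text
  console.log(renderSearchSafe("?q=" + encodeURIComponent(payload)));
}
```

Note that the fix lives in the rendering functions, not in storage: filtering on the way into the database (the "filtration" the slides mention) is easy to bypass or forget, whereas encoding every untrusted value at the point where it is written into HTML covers both the stored and the reflected path with the same helper.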

Page 11: Cross site scripting

[Figure: reflected XSS flow. ATTACKER sends the VICTIM a crafted link (PHISHING); the <script> in the request is echoed by the vulnerable app (forum, blog, search etc.) because there is no input validation and no output sanitization, runs in the victim's browser, and sends the session id back to the attacker.]

Page 12: Cross site scripting

In reflected XSS, unlike persistent XSS, the script is executed in the client browser only when it is submitted as input and is not stored in the forum or database, so it looks like a less serious problem; but it is also used to steal other users' cookies (session id and other important info).

The attacker sends a message to the client or victim through email (a fake mail) saying: "Dear customer, we have noticed some illegal activity in your account; to check whether it was you or someone else, please click this link." The mail is crafted so well that the victim ends up on the attacker's page; to do this the attacker uses other social engineering techniques to fool the victim.

When the victim clicks the link the script is executed and sends the victim's cookie information to the attacker's website. To do this the attacker uses a PHP script hosted on a web hosting site; when the victim clicks, the victim's cookies are sent in plain text to the attacker's site, where the attacker uses them to log in to the website as the victim.
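The cookie theft described above works only if the session cookie is readable from script. The following Node.js example is added here (not code from the original slides or from DVWA): it audits Set-Cookie headers for the attributes that limit the damage, in particular HttpOnly, which keeps the cookie out of document.cookie so the alert(document.cookie) payload on the slides shows nothing for it. The two sample headers and the cookie name are constructed for the demo; PHPSESSID is simply the default PHP session cookie name.

```javascript
// Added example (not from the original slides): audit Set-Cookie headers for
// the flags that limit what a stolen document.cookie is worth.
// HttpOnly  -> cookie is not exposed to document.cookie at all
// Secure    -> cookie is never sent over plain HTTP
// SameSite  -> cookie is not attached to most cross-site requests

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = {};
  for (const a of attrs) {
    const [k, v] = a.split("=");
    // Boolean attributes (HttpOnly, Secure) have no value.
    flags[k.toLowerCase()] = v === undefined ? true : v;
  }
  return { name, flags };
}

// Returns the findings for one header; an empty list means it looks fine.
function auditSetCookie(header) {
  const { name, flags } = parseSetCookie(header);
  const findings = [];
  if (!flags.httponly) findings.push(`${name}: readable via document.cookie (missing HttpOnly)`);
  if (!flags.secure) findings.push(`${name}: sent over plain HTTP (missing Secure)`);
  const ss = typeof flags.samesite === "string" ? flags.samesite.toLowerCase() : "";
  if (ss !== "lax" && ss !== "strict") findings.push(`${name}: no SameSite=Lax/Strict`);
  return findings;
}

// Constructed sample headers: the first is how a default PHP session cookie
// typically looks in a lab setup (fully exposed), the second is hardened.
const sampleHeaders = [
  "PHPSESSID=abc123; path=/",
  "PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
];

function auditAll(headers) {
  return headers.map((h) => ({ header: h, findings: auditSetCookie(h) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of auditAll(sampleHeaders)) {
    console.log(r.header);
    for (const f of r.findings) console.log("  -", f);
  }
}
```

HttpOnly does not fix the XSS itself: an injected script can still act on the page as the logged-in user. It removes the specific outcome the slides show, the session id being read out and carried off in plain text, and it is a one-line change to the server configuration or the session call.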

Page 13: Cross site scripting

You can use either the DVWA or the WebGoat application to test your skills in a realistic scenario; you can download WebGoat from the OWASP website. Here I use the DVWA application for the demonstration.

Hack to learn not learn to hack

Page 14: Cross site scripting

Here I write kinish kumar and submit, and it displays my name again. Now let's write a script and see what it displays.

Page 15: Cross site scripting

Here I write <script>alert("hello");</script> and it doesn't display the script; it executes it, but only once. That is the basic difference between persistent and non-persistent XSS.

Page 16: Cross site scripting

Here I write a script to display the cookie, i.e. <script>alert(document.cookie);</script>, and it shows the cookies. An attacker can do a lot of things after getting somebody's cookies by applying phishing or social engineering methods.

Page 17: Cross site scripting

Some vulnerable websites are :-

1. http://www.timesjobs.com/candidate/companySearch.htm

2. http://www.gnomonwatches.com

3. http://www.jouezetgagnez.net/index.php?email=

Here I will do reflected XSS on www.gnomonwatches.com because it is vulnerable to cross site scripting, but please don't do that; it is illegal.

ALWAYS REMEMBER THIS QUOTE :-

HACK TO LEARN NOT LEARN TO HACK

Page 18: Cross site scripting
Page 19: Cross site scripting

DOM based XSS

DOM-based vulnerabilities occur in the content processing stages performed by the client, typically in client-side JavaScript. The name refers to the standard model for representing HTML or XML content, called the Document Object Model (DOM). JavaScript programs manipulate the state of a web page and populate it with dynamically computed data primarily by acting upon the DOM.

Or, in other words: DOM-based Cross-Site Scripting is the de-facto name for XSS bugs which are the result of active browser-side content on a page, typically JavaScript, obtaining user input and then doing something unsafe with it, which leads to execution of injected code. This document only discusses JavaScript bugs which lead to XSS. The DOM, or Document Object Model, is the structural format used to represent documents in a browser. The DOM enables dynamic scripts such as JavaScript to reference components of the document such as a form field or a session cookie. The DOM is also used by the browser for security, for example to stop scripts on one domain from obtaining session cookies for other domains. A DOM-based XSS vulnerability may occur when active content, such as a JavaScript function, is modified by a specially crafted request such that a DOM element can be controlled by an attacker.
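In DOM-based XSS the server may be entirely correct; the bug is in the page's own JavaScript taking a value from a source the attacker controls (here, the query string) and writing it into a DOM sink that parses markup. The following example is added here and is not code from the original slides; it shows the vulnerable sink (innerHTML) beside the safe one (textContent). Because it is meant to run under Node, a small constructed FakeElement stands in for a real DOM element; in a browser you would pass a real element such as document.getElementById("greeting") together with window.location.search. The function names and the `name` parameter are assumptions for the demo.

```javascript
// Added example (not from the original slides): the same untrusted value from
// the URL reaching two different DOM sinks. FakeElement is a constructed
// stand-in so the code runs under Node; use a real element in a browser.

// Encode text for an HTML context (what a browser does when it serializes
// a text node back to HTML).
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Minimal test double: innerHTML accepts markup as-is; textContent stores
// plain text, so serializing it back yields escaped characters, as in a real DOM.
class FakeElement {
  constructor() { this.html = ""; }
  set innerHTML(markup) { this.html = markup; }
  get innerHTML() { return this.html; }
  set textContent(text) { this.html = escapeHtml(text); }
}

// Source: the "name" query parameter, fully controlled by whoever crafts the link.
function nameFromSearch(search) {
  return new URLSearchParams(search).get("name") ?? "";
}

// Vulnerable: the source flows into innerHTML, a sink that parses markup.
function greetUnsafe(target, search) {
  target.innerHTML = "Welcome, " + nameFromSearch(search);
}

// Fixed: same source, but textContent treats the value as plain text.
function greetSafe(target, search) {
  target.textContent = "Welcome, " + nameFromSearch(search);
}

// Did untrusted input survive as live markup? What matters is that the value
// reached the HTML parser as markup at all, not the particular tag used here.
function containsMarkup(html) {
  return /<[a-z][\s\S]*>/i.test(html);
}

// Constructed sample: the payload from the slides carried in the query string.
const samplePayload = '<script>alert("hello");</script>';
const sampleSearch = "?name=" + encodeURIComponent(samplePayload);

function demo() {
  const unsafeEl = new FakeElement();
  const safeEl = new FakeElement();
  greetUnsafe(unsafeEl, sampleSearch);
  greetSafe(safeEl, sampleSearch);
  return { unsafe: unsafeEl.innerHTML, safe: safeEl.innerHTML };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demo();
  console.log("innerHTML  :", r.unsafe); // markup intact
  console.log("textContent:", r.safe);   // rendered as visible text
}
```

Because nothing here goes through the server, server-side filtering never sees the payload; the fix has to be made in the client code, by choosing a sink that does not interpret the value as HTML, or by encoding it before writing it into one that does.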

Page 20: Cross site scripting

Reference:-

www.infosec4all.tk

http://en.wikipedia.org/wiki/Cross-site_scripting

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

I tried my best to explain the basics of cross site scripting; if there is any mistake please comment and give your valuable suggestions.

THANK YOU!