Today I will be teaching you a very common vulnerability, XSS (Cross-Site Scripting), and how to exploit it.
What causes the vulnerability? The site takes whatever you type into a text box or submission form and puts it straight into the HTML of a page without encoding it first. The classic case is sloppy PHP, but any server-side language can make the same mistake. Characters such as <, >, " and / are not filtered or escaped, so instead of being displayed as text they are treated as part of the page's markup. Whatever we inject ends up in the page source and is executed by the browser of whoever views that page.
What types of XSS are there? There are two main types: persistent (also called stored) and non-persistent (also called reflected). If you inject some code into the website and it sticks (you leave the page, come back, and it is still there) then it is persistent: the server saved your input and serves it to everyone who views that page. That is the good one. With non-persistent XSS the code does not stick; it is only echoed back in the response to the request that carried it, so you see it once and a victim only runs it if they open a link you crafted. Both types run the same JavaScript in the victim's browser, so both can leave messages, redirect people or steal cookies. The difference is reach: persistent XSS hits every visitor on its own, while non-persistent XSS needs each victim to follow your link, which is why it is mostly used for cookie logging.
What will you be teaching today? The basics of XSS and cookie logging.
In some cases the alert box might not pop up. If it doesn't, view the page source and find where your input landed. Most of the time it only needs a small change: if it ended up inside an attribute you first have to close the quote and the tag (that is what the "> at the start of the test string is for); if it landed inside a <textarea> or <title> you have to close that tag first; and if you see &lt;script&gt; in the source instead of <script>, the site is encoding your input and the plain payload will not run.
Type the following test string into the text box or form and submit it:
"><script>alert('XSS');</script>
If the alert box appears, the site is vulnerable and we can move on. To redirect everyone who views the page to your own page, inject this instead:
<script>window.location="http://yourdefacepage.com/index.html";</script>
Keep in mind that the script runs in each visitor's browser; the site's own files are not changed, and the "defacement" lasts only as long as your injected text stays on the page. Remember, you can always alter the code if it doesn't work. You can do many things with XSS; you just need the right strings. I'm only focusing on defacing, since most people just deface sites these days.
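To show why the test string above works and what "check the source code and look at the output" means in practice, here is an added example in Node.js. It is not code from the original post. The page template, the escaping function and the probe string are constructed for this demo; the names renderSearchVulnerable, renderSearchSafe, escapeHtml and classifyReflection are assumptions, not anything from the site being discussed.

```javascript
// Added example, not from the original post. Demonstrates how the probe
// payload ends up in a page, why HTML-escaping stops it, and how to classify
// what came back when you look at the page source. All inputs are constructed.

// Vulnerable render: user input is concatenated straight into the HTML, so
// "><script>...</script> closes the value attribute and becomes live markup.
function renderSearchVulnerable(query) {
  return '<input type="text" name="q" value="' + query + '">';
}

// Hardened render: encode the five characters that can change HTML context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderSearchSafe(query) {
  return '<input type="text" name="q" value="' + escapeHtml(query) + '">';
}

// Reading the response body: if the raw probe is present the payload will
// execute; if only its encoded form is present the site escaped it; if neither
// appears the input was stripped or not reflected at all.
function classifyReflection(html, probe) {
  if (html.includes(probe)) return 'unencoded';
  if (html.includes(escapeHtml(probe))) return 'encoded';
  return 'absent';
}

// The same test string the post uses, as a JS literal.
const PROBE = '"><script>alert(\'XSS\');</script>';

function demo() {
  const vuln = renderSearchVulnerable(PROBE);
  const safe = renderSearchSafe(PROBE);
  return {
    vulnerableHtml: vuln,
    safeHtml: safe,
    vulnerableResult: classifyReflection(vuln, PROBE), // 'unencoded'
    safeResult: classifyReflection(safe, PROBE),       // 'encoded'
  };
}

console.log(demo());
```

An 'absent' result is not proof the site is safe: the application may encode only some characters or only inside some contexts (an attribute, a <script> block, a URL), so the next step is still to read the source around where the input landed and adjust the payload to that context.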
Non-persistent XSS. With non-persistent XSS the code is not saved on the site, so it cannot redirect every visitor on its own; it only runs for someone who opens a URL that carries the payload. So we put the payload in a link and, with basic web programming knowledge, make a cookie logger: a short script that reads document.cookie and sends it to a page on a server we control, which writes it to a log file. We may also need good social engineering skills to get people to open that link. One caveat: cookies the site sets with the HttpOnly flag are not visible to document.cookie at all, so a cookie logger cannot take them.
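Since a cookie logger can only take what document.cookie exposes, the first thing to check (as attacker or defender) is which of the site's cookies are readable by script. The following added Node.js example, not part of the original post, parses Set-Cookie headers and reports which cookies lack HttpOnly and which hardening flags are missing. The header values and the function names parseSetCookie, cookiesReadableByScript and auditCookies are constructed for this demo.

```javascript
// Added example, not from the original post. Checks Set-Cookie headers for
// the flags that limit what a stolen-cookie (cookie logger) attack can take.
// Cookies without HttpOnly are readable through document.cookie; Secure and
// SameSite do not stop XSS theft but limit how a captured cookie can be used.
// The sample headers below are constructed.

function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const name = parts[0].split('=')[0].trim();
  const attrs = parts.slice(1).map((a) => a.toLowerCase());
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  return {
    name,
    httpOnly: attrs.includes('httponly'),
    secure: attrs.includes('secure'),
    sameSite: sameSite ? sameSite.split('=')[1] : null,
  };
}

// Names of cookies an injected script can read via document.cookie.
function cookiesReadableByScript(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => c.name);
}

// Per-cookie list of missing hardening flags, for the defender's side.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => {
    const missing = [];
    if (!c.httpOnly) missing.push('HttpOnly');
    if (!c.secure) missing.push('Secure');
    if (!c.sameSite) missing.push('SameSite');
    return { name: c.name, missing };
  });
}

// Constructed sample: a typical unprotected PHP session cookie, a hardened
// session cookie, and a harmless preference cookie.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; Path=/',
  'session=def456; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; Secure',
];

console.log('readable by script:', cookiesReadableByScript(SAMPLE_HEADERS));
console.log('audit:', auditCookies(SAMPLE_HEADERS));
```

If the session cookie shows up in the readable list, a cookie logger delivered through the XSS will capture it; if it does not, the injected script has to act as the victim from inside their browser instead of stealing the session for later use.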