Tuesday, February 15, 2011

What is XSS (Cross-Site Scripting)

This vulnerability allows an attacker's input to be sent to unsuspecting victims. The primary use of this vulnerability is cookie stealing: if an attacker steals your cookie, they can log in under your account to whatever site the cookie was stolen from (usually, and assuming you were logged in at the time).
Example Vulnerable Code - search.php (PHP)

PHP Code:

 
<?php
$s = $_GET['search'];
// a real search engine would do some database stuff here
echo("You searched for $s. There were no results found");
?>

Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS. Otherwise, it's not vulnerable.
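
For comparison, here is a hardened search.php that encodes the search term before echoing it, so submitted markup is displayed as text instead of being interpreted. This is an added example, not code from the original post; the function name render_search_message, the session settings and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): search.php with output encoding.
// Assumption: the page is served as UTF-8 HTML and the value lands in element
// content, not inside a <script> block, a URL or an unquoted attribute.

// render_search_message is a hypothetical helper name.
function render_search_message(string $raw): string
{
    // Encode & < > " and ' so the browser treats the input as plain text.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "You searched for {$safe}. There were no results found";
}

if (PHP_SAPI !== 'cli') {
    // Declare the charset so the browser does not guess a different encoding.
    header('Content-Type: text/html; charset=UTF-8');

    // Defence in depth for the cookie-stealing case described above:
    // an HttpOnly session cookie cannot be read by script in the page.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();

    $s = $_GET['search'] ?? '';
    if (!is_string($s)) {
        $s = ''; // "search[]=x" arrives as an array, not a string
    }
    // a real search engine would do some database stuff here
    echo render_search_message($s);
} else {
    // Run from the command line: constructed sample inputs.
    $samples = ['kittens', '<b>XSS</b>', '"quoted" & \'single\''];
    foreach ($samples as $sample) {
        echo render_search_message($sample), PHP_EOL;
    }
}
```

With this version the test from this section shows the tags literally on the page (the source contains `&lt;b&gt;XSS&lt;/b&gt;`), which is the "not vulnerable" outcome.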

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search=