1337ings

[Tutorial] Cross Site Script/XSS

Sep 6th, 2016
XSS TUTORIAL

██████████████████████████████████████████████████
Table of Contents

1.) [What is "XSS"?]
2.) [Stored aka Persistent]
3.) [Reflected XSS aka Non-Persistent]
4.) [DOM-BASED]
5.) [Executing XSS]
6.) [Finding XSS]

██████████████████████████████████████████████████
Credit

http://twitter.com/urbackdoored

███████████████████████████████████████████████████
What is XSS?

What does "XSS" mean? It stands for "cross site scripting". Using payloads, you can execute script through text boxes, the URL, and even the page's own code.
XSS can be found in all kinds of code, mostly JavaScript and PHP. It can also be found in web browsers and apps.
With XSS you can steal cookie information, deface a website's contents, and redirect the website to malicious downloads.
You can do many things with XSS. The amount of things you can do with it is hard to put into words; people have found XSS in cars!
That's how badly this affects things. In this tutorial I will show you how to properly execute XSS on a web page.
There are many types of XSS; first I will explain what types there are.


████████████████████████████████████████████████████████████████████████████████████████████


Stored aka Persistent

Stored XSS generally occurs when user input is stored on the target server,
such as in a database, in a message forum, visitor log, comment field,
etc., and then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser.
With the advent of HTML5, and other browser technologies, we can envision the attack payload being permanently stored in the victim's browser, such as an HTML5 database,
and never being sent to the server at all.


████████████████████████████████████████████████████████████████████████████████████████████

Reflected XSS aka Non-Persistent

Reflected XSS occurs when user input is immediately returned by a web application in an error message, search result,
or any other response that includes some or all of the input provided by the user as part of the request, without that data being made safe to render in the browser,
and without permanently storing the user provided data. In some cases, the user provided data may never even leave the browser (see DOM Based XSS next).


████████████████████████████████████████████████████████████████████████████████████████████


DOM-BASED
As defined by Amit Klein, who published the first article about this issue[1],
DOM Based XSS is a form of XSS where the entire tainted data flow from source to sink takes place in the browser,
i.e., the source of the data is in the DOM, the sink is also in the DOM, and the data flow never leaves the browser.
For example, the source (where malicious data is read) could be the URL of the page (e.g., document.location.href),
or it could be an element of the HTML, and the sink is a sensitive method call that causes the execution of the malicious data (e.g., document.write).


████████████████████████████████████████████████████████████████████████████████████████████


Executing XSS

Your normal payload for a reflected XSS would be:

<script>alert("XSS")</script>

That little script is an HTML <script> tag with one line of JavaScript inside. It will make a little message pop up, saying "XSS". You can edit that part if you like.
Just don't edit any other part of the script. Put that into the site's search bar and hit enter.
Now, if a little alert box popped up, you've successfully confirmed that the site is vulnerable to XSS!
If no box popped up, that is alright, because it means the site has taken some time to put in a filter.
A filter is a mini process that everything we search goes through, basically an inspection.
It checks for anything malicious (dangerous). In this case,
it will look for XSS. Sometimes these filters are very weak and can be bypassed very easily;
other times they can be quite difficult to bypass. There are a lot of ways to bypass an XSS filter. First,
we have to find out what the filter is blocking. A lot of the time, it is blocking the alert. Here's an example for this kind of filter:

<script>alert( > XSS < )</script>


In the URL it will look like:

http://fbi.gov/fuckfeds.php?id=420<script>alert("XSS")</script>

or

http://fbi.gov/fuckfeds.php?id=420<script>alert( > XSS < )</script>


Note: this payload is harmless. You will need to learn more about XSS to start doing more with it.
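To make concrete what "without that data being made safe to render in the browser" means for the reflected and DOM-based cases described above, here is an added example (my own code, not from the paste): a tiny search-result renderer in its vulnerable and hardened forms, fed the paste's own alert payload through a URL fragment. The function names and the example.com URL are my own constructions.

```javascript
// Added example, not from the original paste. Shows the same query string
// rendered two ways: copied raw into HTML (reflected/DOM XSS) and
// HTML-escaped first. Function names and the sample URL are constructed.

// Vulnerable: the user-controlled value is spliced straight into the markup,
// so a value like <script>alert("XSS")</script> becomes a real script element.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Encode the five characters that have meaning in HTML element content.
// This is the fix for element-content sinks only; values placed inside
// attributes, URLs or inline JavaScript need the encoding for that context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hardened: same page, but the browser now sees text, not a tag.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// DOM-based source from the text: the page URL (document.location.href).
// Parsing with the WHATWG URL class lets this run outside a browser; the
// fragment is used because it never even reaches the server.
function fragmentFromUrl(href) {
  return decodeURIComponent(new URL(href).hash.slice(1));
}

// Constructed sample input: the paste's own proof-of-concept payload,
// carried in the fragment of a made-up URL.
const PAYLOAD = '<script>alert("XSS")</script>';
const SAMPLE_URL = "https://example.com/search#" + encodeURIComponent(PAYLOAD);

// Returns both renderings so the difference can be inspected or asserted on.
function demo() {
  const query = fragmentFromUrl(SAMPLE_URL);
  return { query, unsafe: renderSearchUnsafe(query), safe: renderSearchSafe(query) };
}

console.log(demo());
```

The unsafe rendering contains a live script element; the safe one contains only text that the browser will display literally.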


████████████████████████████████████████████████████████████████████████████████████████████


Finding XSS

Please do not use "Google dorks" in order to find XSS-vulnerable websites.
There are plenty of "XSS scanners" to be found on Google; people develop
XSS scanners in many different languages including Perl, Python, VB, Java,
PHP, Ruby, and PowerShell (ps1).

Honestly, I've found XSS in CNN, FoxNews, Esports, EA, AOL, Comcast, Verizon & Hack Forums
WITHOUT Google dorks. For links to be crawled by Google they will need to have been visited
numerous times. So yes, you can use Google dorks, but it will not give you the best results.