API tools faq
paste
LuciferAviSonicX

Session 15: cross site scripting

LuciferAviSonicX
Aug 23rd, 2017
99
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. Java ---- Javascript
  2. --------------------
  3. Java --> software programming language
  4. Javascript --> browser language--- front end developing language....
  5.  
  6. box ---> do you want to leave the webpage----> java script
  7. prompt box
  8. alert box
  9.  
  10. HTML + java script
  11. for using javascript---> i will use a tag---> <script>.......</script>
  12.  
  13. document.write
  14. document.cookie
  15. getElementById
  16. fuctions
  17. loops
  18. conditions
  19.  
  20. XSS---> Cross Site Scripting
  21. ----------------------------
  22. Based upon javascript
  23.  
  24. i can use any html tag with script tag so that i can go for the juicuy data of the user's web page
  25. **** JavaScript should be enabled on the user's browser
  26.  
  27.  
  28. what i can do with XSS
  29. ----------------------
  30. 1. Deface the website
  31. 2. Steal the cookies
  32. 3. Steal the Confidential data
  33. 4. I can Redirect any user to my malicious website
  34.  
  35. comments, serach boxes, feedback, reviews
  36.  
  37.  
  38. Types of XSS
  39. ------------
  40.  
  41. 1. Reflected XSS
  42. 2. Stored XSS
  43.  
  44.  
  45.  
  46. 1. Reflected Cross Site Scripting
  47. ----------------------------------
  48. That my malicious code will go away when the user will refresh the web page.It is one time use only.
  49.  
  50. 2. Stored Cross Site Scripting
  51. -------------------------------
  52. My malicious code will be stored in the database of the server, website.... it will be there untill and unless my DBA will not remove it or reset the database.... I can use it everytime when a user is entering the webpage.
  53.  
  54. 1. <script lang=eng>
  55. 2. <ScRiPt>
  56. 3. ----> <scr<script>ipt>
  57. <script>
  58.  
  59. Broken Authentication And Session Management
  60. ---------------------------------------------
  61.  
  62. Session Management ----> e-banking sites, irctc....
  63. when a user is not active for sometime... they will log you out.... please login again to continue......
  64.  
  65. PAYTM.... if i open my account at 2 places,,,,, wo tb bhi bork krta h.... ebanking and irctc... bhai log out h.... session expire
  66.  
  67. Broken Authentication ---> ek h capta ko bar bar repeat krna.... cookies ko proper manage na krna..... bar bar meri cookies ko send krna....
  68.  
  69. security:low
  70. session iD =mmjbsdcoiuawbdfvpie
  71. user name:abhijeet
  72. password:hacker
  73.  
  74.  
  75. good cookie:
  76. sessionID=aewrgwergewrgewrg;username="";nonse="799"
  77.  
  78. encryption---> cookies ko encrypted
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!