Hack Your Mind Right Now....!

'XSS' also known as 'CSS' - Cross Site Scripting

Posted by Unknown at 2:51 PM
XSS is a very common vulnerability found in web applications. It allows the attacker to insert malicious code. There are many types of XSS attacks; I will mention three of the most used. This kind of vulnerability allows an "attacker" to inject code into the affected application in order to bypass the website's access controls or to run "phishing" against its users.
This technique is also used for website hacking.

Types of XSS
There are actually three types of Cross-Site Scripting, commonly named as:
- DOM-Based XSS
- Non-persistent XSS
- Persistent XSS


DOM-Based: DOM-based Cross-Site Scripting lets an attacker work not on a victim website but on a victim's local machine. Operating systems usually ship with some HTML pages created for different purposes, and since humans make mistakes, these HTML pages can often be exploited because of vulnerabilities in their code.

DOM-based XSS exploits these problems on users' local machines in this way:
 - The attacker creates a well-built malicious website
 - The unsuspecting user opens that site
 - The user has a vulnerable page on his machine
 - The attacker's website sends commands to the vulnerable HTML page
 - The vulnerable local page executes those commands with the user's privileges on that machine
 - The attacker easily gains control of the victim's computer

Non-Persistent: Non-persistent XSS vulnerabilities are the most common ones found on the Net. They are called "non-persistent" because they work on an immediate HTTP response from the victim website: they show up when the web page uses the data provided by the attacker's client to automatically generate a result page for the attacker himself. Building on this, the attacker can supply some malicious code and try to make the server execute it in order to obtain some result.

The most common place for this kind of vulnerability is a website's search engine: the attacker writes some arbitrary HTML code in the search text box and, if the website is vulnerable, the result page will show the rendered result of that HTML code.

Persistent: Persistent XSS vulnerabilities are similar to the second type (non-persistent XSS), because both work on a victim site and try to hack users' information. The difference is that on websites vulnerable to persistent XSS the attacker doesn't need to give the crafted URL to the users, because the website itself lets users insert fixed data into the system: this is the case, for example, with "guestbooks". Users usually use that kind of tool to leave messages for the owner of the website, and at first look it doesn't seem dangerous, but if an attacker discovers that the system is vulnerable, he can insert some malicious code in his message and make ALL visitors victims of it.

This works when the tool provided (the guestbook in the example) doesn't do any check on the content of the inserted message: it just inserts the data provided by the user into the result page.
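
The search-page and guestbook cases described above, shown as an added example (not code from the original post): each page is rendered once with the input inserted unchecked and once with HTML output encoding, and a parser check reports any tags the template itself did not emit. The page templates, sample inputs and function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs for illustration (not from the original post).
SEARCH_TERM = '"><script>alert(1)</script>'
GUESTBOOK = [("alice", "Nice site!"), ("mallory", "<img src=x onerror=alert(1)>")]

def search_page_vulnerable(term):
    # Non-persistent case: the search term is echoed into the result page as-is.
    return f'<h1>Results for {term}</h1><input name="q" value="{term}">'

def search_page_safe(term):
    # Encode & < > " ' so the term stays text in element and attribute context.
    t = html.escape(term, quote=True)
    return f'<h1>Results for {t}</h1><input name="q" value="{t}">'

def guestbook_vulnerable(entries):
    # Persistent case: stored messages are inserted unchecked for every visitor.
    return "".join(f"<li><b>{n}</b>: {m}</li>" for n, m in entries)

def guestbook_safe(entries):
    # Same template, but every stored field is encoded at output time.
    return "".join(f"<li><b>{html.escape(n)}</b>: {html.escape(m)}</li>"
                   for n, m in entries)

class _Tags(HTMLParser):
    """Collects the name of every start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append(tag)

def injected_tags(page, template_tags):
    """Tags in the rendered page that the template itself never emits."""
    parser = _Tags()
    parser.feed(page)
    parser.close()
    return sorted(set(parser.seen) - set(template_tags))

if __name__ == "__main__":
    print(injected_tags(search_page_vulnerable(SEARCH_TERM), {"h1", "input"}))
    print(injected_tags(search_page_safe(SEARCH_TERM), {"h1", "input"}))
    print(injected_tags(guestbook_vulnerable(GUESTBOOK), {"li", "b"}))
    print(injected_tags(guestbook_safe(GUESTBOOK), {"li", "b"}))
```

The same injected_tags check can be run in a test suite against any page that renders user-supplied data, so a template that stops encoding its output fails the build.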
Aman Badhania writes this blog to help computer users with problems related to web services and getting the most out of their own websites.
Aman Badhania
Copyright © 2012 Hack Your Mind Right Now....! - and Deadly Hacker.