Sunday, May 2, 2010

XSS (Cross-Site Scripting)

This vulnerability allows an attacker's input to be sent to unsuspecting victims. The primary use of this vulnerability is cookie stealing: if an attacker steals your cookie, they can log into whatever site they stole it from under your account (usually, and assuming you were logged in at the time).
Example Vulnerable Code - search.php (PHP)

PHP Code:

<?php
$s = $_GET['search']; // a real search engine would do some database stuff here
// the raw search term is echoed straight back into the page with no encoding
echo("You searched for $s. There were no results found");
?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as the word "XSS" wrapped in a formatting tag. If the site is vulnerable to XSS, the browser renders the tag and you will see the formatted XSS text rather than the literal tag; otherwise, it's not vulnerable.

Example Exploit Code (Redirect)

Because we're mean, we want to redirect the victim to goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search= ". This will output "You searched for . There were no results found" (HTML), and assuming the target's browser supports JS (JavaScript), which all modern browsers do unless the setting is turned off, it will redirect them to goatse.
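The fix for search.php, as an added example that is not the original post's code: the search term is HTML-encoded before it is echoed, and the session cookie is marked HttpOnly so script cannot read it even if an encoding slip happens elsewhere. The function names html_escape and render_search_result are my own, and the Content-Security-Policy assumes the site serves all of its scripts from its own origin.

```php
<?php
// Hardened search.php (added example, not the original post's code).
// Same single GET parameter "search" as the vulnerable snippet above.

declare(strict_types=1);

// Encode untrusted text for an HTML body context. ENT_QUOTES also escapes
// single quotes, and the charset is given explicitly so the encoder never
// has to guess it.
function html_escape(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Build the response body. Only the encoded copy of the input is ever
// concatenated into markup, so any tags in $search are displayed literally
// instead of being parsed by the browser.
function render_search_result(string $search): string
{
    $safe = html_escape($search);
    return "You searched for {$safe}. There were no results found";
}

// Defence in depth against the cookie-theft scenario described above:
// HttpOnly keeps document.cookie from exposing the session cookie to script,
// and a CSP without 'unsafe-inline' refuses injected inline scripts even if
// some other page in the app forgets to encode its output.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
ini_set('session.cookie_httponly', '1');
session_start();

// Constructed sample: a formatting tag like the test input described above.
// render_search_result('<b>XSS</b>') returns
// "You searched for &lt;b&gt;XSS&lt;/b&gt;. There were no results found",
// which the browser shows as the literal text "<b>XSS</b>".
$s = $_GET['search'] ?? '';   // a real search engine would do some database stuff here
echo render_search_result($s);
```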
