Sunday, May 2, 2010

XSS (Cross-Site Scripting)

This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)
Example Vulnerable Code - search.php (PHP)

PHP Code:

$s $_GET['search'];// a real search engine would do some database stuff
 hereecho("You searched for $s. There were no results found");?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to

goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search= ". This will output "You searched for . There were no results found" (HTML) and assuming the target's browser supports JS (JavaScript) which all modern browsers do unless the setting is turned off, it will redirect them to goatse.

No comments:

Post a Comment

Related Posts with Thumbnails