Sinisterly
Tutorial How Find A Xss Vurnerable Site And Deface It. - Printable Version




How Find A Xss Vurnerable Site And Deface It. - workaholics - 12-09-2012

Hello, thanks for reading my tutorial and please leave feedback!

So today I will show you how to find an XSS-vulnerable site and deface it.

First the basics "How to find a vulnerable site"

1. Just go to Google and type in something random. "Cheese, shopping"

2. When you find a random site you want to deface, you type this in without the quotes: "<script>alert("XSS");</script>". You can type anything in where the XSS is.

3. Find a search bar or anything you can insert text in and type the script.

4. If you're lucky, a box should pop up like this. [Image: CWGRZ.png]

5. Now the hard part, to tell if it is non-persistent or persistent.

6. You want to copy the url after you put in the script and press enter.

7. If it still has the box then it's persistent, which means you can deface!

8. If it takes you to this [Image: wPTu7.png] then it's non-persistent, which means no deface, only cookie logger.

9. When you find that persistent website, here is how you are going to deface it. There are multiple different ways you can deface.

10. You can redirect to your deface page, you can make a picture pop up, or replace the page with the picture you want.

11. USE A VPN NOW OR SQUAT AT SOMEONE'S WIFI OR YOU WILL GET CAUGHT.

12. If you want to redirect, you put this in without the quotes: "<meta http-equiv="refresh" content="0;url=http://www.youhacx0rpic.com/Haxored.html" />"

13. If you want to make a picture pop up, use this without the quotes: ""><script>location="www.removed.com/YOURDEFACEPIC";</script>"

14. If you want to replace the picture on a site, you use this without the quotes: "<img src="yourevilpic.com">"

15. Now you have successfully defaced a website or close to it.

________________________________________________________________________

Useful links----

Xss Tutorial: http://www.mediafire.com/view/?4hn20a1oye8zm0m

Deface page creator: http://www.mediafire.com/download.php?kr1hp0b34tztt8k

Xss cheat sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

________________________________________________________________________

Thanks for reading!

Sincerely, Workaholics.


RE: How Find A Xss Vurnerable Site And Deface It. - w00t - 12-09-2012

Your definition of persistent versus non-persistent is inaccurate.

A persistent XSS vulnerability is, well, persistent, meaning that you don't need to have the specialized query every time you want to display your content.

A non-persistent XSS vulnerability is just the opposite, where every time you want to display something, the query must be sent.

The picture you show for non-persistent is just a straight up not working vulnerability.


RE: How Find A Xss Vurnerable Site And Deface It. - workaholics - 12-09-2012

(12-09-2012, 08:24 AM)w00t Wrote: Your definition of persistent versus non-persistent is inaccurate.

A persistent XSS vulnerability is, well, persistent, meaning that you don't need to have the specialized query every time you want to display your content.

A non-persistent XSS vulnerability is just the opposite, where every time you want to display something, the query must be sent.

The picture you show for non-persistent is just a straight up not working vulnerability.

Did you read how I said copy the link after you click search and paste it, and then if the non-persistent pops up like this then it's invulnerable to deface? That's what it looks like. Okay. Not trying to argue or anything, I'm saying the thread in the most simplistic way I can. I also defaced the one site on Friday. Trust me, I know what and how to do XSS. http://i.imgur.com/RvOSZ.png


RE: How Find A Xss Vurnerable Site And Deface It. - stripper - 12-09-2012

Great tutorial man, but I probably won't even try this XD


RE: How Find A Xss Vurnerable Site And Deface It. - workaholics - 12-09-2012

(12-09-2012, 08:49 AM)stripper Wrote: Great tutorial man, but I probably won't even try this XD

Haha thanks, it's really time-consuming to do an XSS.


RE: How Find A Xss Vurnerable Site And Deface It. - w00t - 12-09-2012

I stand corrected, you do know the difference. You aren't checking it correctly, or at least you aren't in the image. I can tell because a sanitized version of the attempted script is displayed.
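
The persistent versus non-persistent distinction discussed above, and the "sanitized version of the attempted script" that w00t points out, seen from the defending side: output encoding applied to a reflected search term and to a stored comment. This is an added example, not part of any post in the thread; every function and class name in it is hypothetical, and the probe string is the test string quoted in the first post.

```javascript
// Added example (not from the thread). All names are hypothetical.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can change HTML parsing context in
// element content and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reflected (non-persistent) path: the value arrives with every request.
function renderSearchUnsafe(q) { return `<p>Results for ${q}</p>`; }
function renderSearchSafe(q) { return `<p>Results for ${escapeHtml(q)}</p>`; }

// Stored (persistent) path: saved once, then served to every visitor.
class CommentStore {
  constructor() { this.comments = []; }
  add(text) { this.comments.push(String(text)); } // store raw, encode on output
  renderUnsafe() { return this.comments.map((c) => `<li>${c}</li>`).join(""); }
  renderSafe() { return this.comments.map((c) => `<li>${escapeHtml(c)}</li>`).join(""); }
}

// Defense in depth: response headers that refuse inline script even if
// an output path somewhere misses its encoding step.
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Regression check: does rendered HTML still contain a live <script> start tag?
function containsScriptTag(html) { return /<script\b/i.test(html); }

const probe = '<script>alert("XSS");</script>'; // test string quoted in the thread
const store = new CommentStore();
store.add(probe);

console.log("reflected unsafe/safe:", containsScriptTag(renderSearchUnsafe(probe)),
  containsScriptTag(renderSearchSafe(probe)));
console.log("stored unsafe/safe:", containsScriptTag(store.renderUnsafe()),
  containsScriptTag(store.renderSafe()));
console.log(renderSearchSafe(probe)); // the encoded text a visitor sees as literal characters
```

Encoding happens at output time in both paths, so the stored value stays intact for other contexts (JSON, plain-text e-mail) that need a different encoding.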


RE: How Find A Xss Vurnerable Site And Deface It. - Anonymous - 12-09-2012

This is a great tutorial. It's almost as if you took everything I said in mine and twisted it a bit. Good job though.