Website hacking with [XSS] 12-08-2012, 12:30 AM
#1
Hey guys I'm here to tell you guys a few things. Some of you may already know this.
Lets talk the different type of hackers.
White Hats: This type of hacker, hacks sites and then reports anything they found.
Gray Hats: This type of hacker, hacks a site for either the good or the bad of the site.
Black Hats: This type of hacker, hacks a website purely for themselves to make a profit off the site in anyway.
Ok now that we know the type of hackers lets talk about 1 mostly used methods of hacking.
Xss- Xss hacking is when a site that is poorly coded, we can slip a bit of java say a search bar. So say we put this java script in the search bar.
Now with that bit of code, we can create a small box on the webpage that says Hacker name here, Or whatever you might have put between the ""'s.
Now lets talk about the type of Xss hacks there are.
Non-persistent- You might have the box when you copy the url after you made the xss injection and past it in a new tab, the box is gone.
Persistent- Same thing as the above EXCEPT when you past the url in a new tab the box will apear again. Or the script would have wrote it's self right on to the page and can be seen by anyone that might visit that page.
Now as might know. Non-persistent xss is kinda useless, but we still need it to find a persistent xss.
Now what you can do with a Persistent xss is post a cookie logger/stealer xss and send the link to someone you might want to hack, this will then give you the cookie of the person that view the link and all you have to do is replace your cookie with theirs, therefore, making the site believe you are that user. (Some cookie loggers/stealers might only work if the user is still logged in.)
Now what was the point of explaining the types of hackers?
Well I read a post of someone who found and Xss on paypal. Instead of doing the black hatter method, he reported the find to the site (white hatter method). The site has just paid the user 250.00 USD for his find.
Instead he could have used it to hack users (black hatter method) to steal money.
Lets talk the different type of hackers.
White Hats: This type of hacker, hacks sites and then reports anything they found.
Gray Hats: This type of hacker, hacks a site for either the good or the bad of the site.
Black Hats: This type of hacker, hacks a website purely for themselves to make a profit off the site in anyway.
Ok now that we know the type of hackers lets talk about 1 mostly used methods of hacking.
Xss- Xss hacking is when a site that is poorly coded, we can slip a bit of java say a search bar. So say we put this java script in the search bar.
Spoiler:
Now with that bit of code, we can create a small box on the webpage that says Hacker name here, Or whatever you might have put between the ""'s.
Now lets talk about the type of Xss hacks there are.
Non-persistent- You might have the box when you copy the url after you made the xss injection and past it in a new tab, the box is gone.
Persistent- Same thing as the above EXCEPT when you past the url in a new tab the box will apear again. Or the script would have wrote it's self right on to the page and can be seen by anyone that might visit that page.
Now as might know. Non-persistent xss is kinda useless, but we still need it to find a persistent xss.
Now what you can do with a Persistent xss is post a cookie logger/stealer xss and send the link to someone you might want to hack, this will then give you the cookie of the person that view the link and all you have to do is replace your cookie with theirs, therefore, making the site believe you are that user. (Some cookie loggers/stealers might only work if the user is still logged in.)
Now what was the point of explaining the types of hackers?
Well I read a post of someone who found and Xss on paypal. Instead of doing the black hatter method, he reported the find to the site (white hatter method). The site has just paid the user 250.00 USD for his find.
Instead he could have used it to hack users (black hatter method) to steal money.
![[Image: sign.jpg]](http://i1279.photobucket.com/albums/y534/Linked_in/sign.jpg)
A Proud Father and Supporter of the AF Radio!
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
