- Joined
- Jun 13, 2020
- Messages
- 7,545
- Reaction score
- 916
- Points
- 212
- Awards
- 2
XSS - cross site scripting
hi guys and welcome we gonna talk about cross site scripting
not how build script for evryting you have in mind
superfast
----
XSS it's a vuln that affect website that no have a good security on form imput
that let us inject malicius script that can be used for gain access to the website, take advantage of user
and website form.
exploit tool:
beef
xenotix
we can ahve two type of XSS
persistent or not. that's it.
if we find text field were inject permanently (the server retains the script)
--.we can test whit the follow code --
<h1>HI</h1>
if the HI change format and we no see the tag we can have success.
usualy can be used a field like new threads/post/news ecc,
so we have a vuln field but we wish to exploit it as it should be,
we need a code to build us script for hook the webpage and grab cookies, ip, geo, keylog, ecc...
all the user do in the webpage were we have inject can be saved and reported
beef & xenotix can be helpfull to do that
not persistence xss, reflected, DOM based, are vuln of the website, but no let you to take advantage of the script power.
ex. if vuln is in a reserch box, and you load the script inside the box, you hook only the guys who research the script XD
ex. if you found a vuln and the script no go hidden there isn't a vuln
ex. if you hook a post/blog/website page, only the user on that page can be hooked and not the entire website
-----
we can use that script, for hook users, build manuly or whit beef/xenotix
whit clickjaking attack or phishing metod
we need to insert it in something we wish to stay opened more time possible in the browser of the victim,
so we need to craft webpage thinking about that.
------
i hope that can you guys to have more lucky,
if you need help ask
hi guys and welcome we gonna talk about cross site scripting
not how build script for evryting you have in mind
superfast
----
XSS it's a vuln that affect website that no have a good security on form imput
that let us inject malicius script that can be used for gain access to the website, take advantage of user
and website form.
exploit tool:
beef
xenotix
we can ahve two type of XSS
persistent or not. that's it.
if we find text field were inject permanently (the server retains the script)
--.we can test whit the follow code --
<h1>HI</h1>
if the HI change format and we no see the tag we can have success.
usualy can be used a field like new threads/post/news ecc,
so we have a vuln field but we wish to exploit it as it should be,
we need a code to build us script for hook the webpage and grab cookies, ip, geo, keylog, ecc...
all the user do in the webpage were we have inject can be saved and reported
beef & xenotix can be helpfull to do that
not persistence xss, reflected, DOM based, are vuln of the website, but no let you to take advantage of the script power.
ex. if vuln is in a reserch box, and you load the script inside the box, you hook only the guys who research the script XD
ex. if you found a vuln and the script no go hidden there isn't a vuln
ex. if you hook a post/blog/website page, only the user on that page can be hooked and not the entire website
-----
we can use that script, for hook users, build manuly or whit beef/xenotix
whit clickjaking attack or phishing metod
we need to insert it in something we wish to stay opened more time possible in the browser of the victim,
so we need to craft webpage thinking about that.
------
i hope that can you guys to have more lucky,
if you need help ask
