Done by Alibek Sabraliyev and Yerezhepov Askhat CSSE-0902

This document provides instructions on how to perform cross-site scripting (XSS) attacks. It explains that XSS attacks work by inserting malicious JavaScript code into vulnerable websites that is then executed by visitors' browsers. The document outlines different types of XSS attacks and techniques for testing websites for XSS vulnerabilities, such as trying to insert simple JavaScript alerts into different fields and checking for the presence of filters that may prevent the attacks.

Uploaded by

Alibek Sabraliyev

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

21 views

Done by Alibek Sabraliyev and Yerezhepov Askhat CSSE-0902

Uploaded by

Alibek Sabraliyev

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 10

Done by Alibek Sabraliyev and Yerezhepov Askhat CSSE-0902

How to use XSS.

First we need to know what the Cookies. If you know we can continue If not, Cookies used to save the data(login, password) on the visitor's computer So, we can use XSS attack to intercept cookies To do that, we need find place where we can add XSS script

What is XSS-attack?
XSS attacks - this is an attack not on the site, it works on the users of the site There are active and passive xss attacks Passive - it Xss, which require the direct involvement of the victim Active doesnt require, we just need place to use a piece of code

So, lets begin

XSS consists of tags, tags consist of html, and JavaScript language JavaScript can be used in html Or coded to avoid filters, about it, a little bit later

How do I know that XSS on this site works?

We are trying to insert in all possible fields, this script: <script>alert()</script> The most common XSS: "><script>alert()</script> The whole essence is - "> any variable is assigned the value of the field, then it close script and perform the scrip above

This is the most common XSS in the search engines:

Review all of the field site and try to insert "><script>alert()</script> If the message came out - you have found XSS ...

How to define is there a filter or not?

Simply enter in any field: '';!--"<duck>=&{()} , and in the code of page, trying to find the word duck If <> is there, it means filter has a whole

Consider several cases of finding weaknesses of filter

<zxcvbnzxc792> <sc<script>ript>alert()</sc</script>ript> >>>><<script <IMG%20SRC="javascript:alert(); Everything can be achieved by trying and learning on doing) If the filter is bad, we can always insert scripts.

Active XSS
Scripts by using [font],[img],[url] : [img]htt://www.qwewqw.ru/1.jpg[/img] [img src=htt://www.qwewqw.ru/1.jpg] [img]htt://www.qweqw.ru/1.jpg [/img] If symbol cross is appear it means that everything is ok! Then [img]http://www.qwewqw.ru/1.jpg dynsrc=javascript:alert()[/img]

And finally, script sample:

Learn SAP Basis in 24 Hours
From Everand
Learn SAP Basis in 24 Hours
Alex Nordeen
4.5/5 (2)
XSS Tutorial
No ratings yet
XSS Tutorial
5 pages
XSS (Cross Site Scripting) Cheat Sheet
No ratings yet
XSS (Cross Site Scripting) Cheat Sheet
19 pages
XSS (Cross Site Scripting) Cheat Sheet Esp: For Filter Evasion
No ratings yet
XSS (Cross Site Scripting) Cheat Sheet Esp: For Filter Evasion
18 pages
Inseguridad Informartica
No ratings yet
Inseguridad Informartica
9 pages
A Simple Guide To Cross Site Scripting
No ratings yet
A Simple Guide To Cross Site Scripting
20 pages
Complete Cross Site Scripting Walkthrough
No ratings yet
Complete Cross Site Scripting Walkthrough
23 pages
Using XSS To Bypass CSRF Protection
No ratings yet
Using XSS To Bypass CSRF Protection
12 pages
Types of XSS Attacks
No ratings yet
Types of XSS Attacks
5 pages
XSS Filter Evasion Cheat Sheet
No ratings yet
XSS Filter Evasion Cheat Sheet
16 pages
Exact Basics of Hacking Intro: Description
No ratings yet
Exact Basics of Hacking Intro: Description
6 pages
How to Find Cross Site Scripting Xss
No ratings yet
How to Find Cross Site Scripting Xss
2 pages
XSS Payloads Cheat Sheet
No ratings yet
XSS Payloads Cheat Sheet
10 pages
Tutorial On Cross Site Scripting (XSS) Prevention in
No ratings yet
Tutorial On Cross Site Scripting (XSS) Prevention in
7 pages
Xss
No ratings yet
Xss
11 pages
Abusing IE8s XSS Filters
No ratings yet
Abusing IE8s XSS Filters
8 pages
XSS Filter Evasion Cheat Sheet - OWASP
No ratings yet
XSS Filter Evasion Cheat Sheet - OWASP
44 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
8 pages
XSS-Tips N Tricks
No ratings yet
XSS-Tips N Tricks
19 pages
XSS Payloads
No ratings yet
XSS Payloads
21 pages
Bypass
No ratings yet
Bypass
2 pages
Cross Site Scripting (XSS)
50% (2)
Cross Site Scripting (XSS)
6 pages
Same Markup: Core Guidelines: Feature Detection Behavior Detection
No ratings yet
Same Markup: Core Guidelines: Feature Detection Behavior Detection
7 pages
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
No ratings yet
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
6 pages
Xss Evasion
No ratings yet
Xss Evasion
7 pages
SQL Injection 4
80% (5)
SQL Injection 4
73 pages
Security: XSS Complete Guide All About Cookies and Security
No ratings yet
Security: XSS Complete Guide All About Cookies and Security
5 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
20 pages
Hacking The World 'S Most Popular Free Online Website Builder
No ratings yet
Hacking The World 'S Most Popular Free Online Website Builder
5 pages
Cross Site Scripting (XSS) : by Amit Tyagi
0% (1)
Cross Site Scripting (XSS) : by Amit Tyagi
31 pages
XSS
No ratings yet
XSS
2 pages
WP Cross Site Scripting
No ratings yet
WP Cross Site Scripting
12 pages
Penetration Testing
No ratings yet
Penetration Testing
25 pages
10 Practical scenarios for XSS attacks
No ratings yet
10 Practical scenarios for XSS attacks
21 pages
Xss Cookiecatchers
No ratings yet
Xss Cookiecatchers
11 pages
Hackr - Io's XSS Cheat Sheet PDF
No ratings yet
Hackr - Io's XSS Cheat Sheet PDF
45 pages
Lab 11
No ratings yet
Lab 11
6 pages
11. JavaScript Deobfuscation
No ratings yet
11. JavaScript Deobfuscation
21 pages
07. Cross-Site Scripting (XSS)
No ratings yet
07. Cross-Site Scripting (XSS)
34 pages
Site Wide Xsss
No ratings yet
Site Wide Xsss
13 pages
Cross Site Scripting - XSS
No ratings yet
Cross Site Scripting - XSS
6 pages
Best Hack Book
No ratings yet
Best Hack Book
73 pages
WEB_3
No ratings yet
WEB_3
14 pages
Reflected+XSS+-+Automated+Attacks
No ratings yet
Reflected+XSS+-+Automated+Attacks
7 pages
XSS Portswigger: Normal XSS (Re Ected or Stored XSS) How It Works
No ratings yet
XSS Portswigger: Normal XSS (Re Ected or Stored XSS) How It Works
1 page
XSS Attack and how to mitigate it
No ratings yet
XSS Attack and how to mitigate it
8 pages
Pythonforhackers Sample
No ratings yet
Pythonforhackers Sample
14 pages
Cross-Site Scripting: Analysis, Identification and Exploitation
No ratings yet
Cross-Site Scripting: Analysis, Identification and Exploitation
28 pages
Secure Coding Embedded
100% (1)
Secure Coding Embedded
32 pages
XSS_Payload_Examples
No ratings yet
XSS_Payload_Examples
7 pages
A Detailed Guide on AMSI Bypass
No ratings yet
A Detailed Guide on AMSI Bypass
19 pages
Reflected+XSS+-+Manual+Attacks
No ratings yet
Reflected+XSS+-+Manual+Attacks
5 pages
Bike Write-Up
No ratings yet
Bike Write-Up
20 pages
Cross-Site Scripting (XSS)
No ratings yet
Cross-Site Scripting (XSS)
6 pages
Asia 18 Tal Liberman Documenting The Undocumented The Rise and Fall of AMSI
No ratings yet
Asia 18 Tal Liberman Documenting The Undocumented The Rise and Fall of AMSI
71 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
Amazing Java: Learn Java Quickly
From Everand
Amazing Java: Learn Java Quickly
Andrei Besedin
No ratings yet
Node.js, Express.js, and More
From Everand
Node.js, Express.js, and More
Tom Henricksen
No ratings yet
Metasploit Penetration Testing Cookbook
From Everand
Metasploit Penetration Testing Cookbook
Abhinav Singh
No ratings yet
AutoIT Scripting For Beginners
From Everand
AutoIT Scripting For Beginners
Rajan
5/5 (2)