Ethical Experts
 Cross Site Scripting (XSS) :- The Basics

Author: The Joker (Admin)
Posted: Sun Oct 07, 2012 4:58 am

In this post we will take a basic look at Cross Site Scripting. Cross site scripting is also known as XSS, and many times people also abbreviate it as CSS (by the way, CSS means Cascading Style Sheets). XSS is commonly a web application attack and not a web server attack: it occurs in a web application which accepts input without validation and sanitization, giving an attacker the chance to run a malicious script. An XSS vulnerability occurs in a web application due to the dynamic nature of a web page, which is attained by JavaScript, VBScript, ActiveX controls, Flash content and scripts, and sometimes with the help of HTML too.
All those scripts and programming languages that are responsible for dynamic content on a web page are also responsible for XSS attacks. An attacker can take advantage of an XSS vulnerability and execute malicious JavaScript, VBScript, ActiveX controls, Flash and HTML.

Most security professionals think XSS is a lame game since it does not provide any help in compromising a remote system, but this is not one hundred percent true. When circumstances are right you can surely own a system using an XSS attack. Also, the level of catastrophic conditions depends upon where a vulnerable application is used and for what purpose. For example, a bank's web application XSS vulnerability can lead to serious online theft, or an attacker may want to execute a malicious script on several computers using a social network. So in fact XSS is not at all a lame game as compared to SQL injection, command injection and directory traversal attacks.

XSS attacks can be classified into the following two types:
Reflected Attacks
Stored Attacks

An attack where the inserted code is permanently stored on the target server is known as a Stored XSS attack. An attack where the injected code needs a special route to the victim, like an email or hyperlink, is known as a Reflected XSS attack. XSS attacks execute code with the help of the browser, because it supports all scripts and ActiveX controls; also, no matter whether the attack type is reflected or stored, the result of XSS will not differ.

Though this was just the basics, in future posts we will cover how some real web application hacking takes place; therefore, for practice you'll need vulnerable applications. The following is a list of vulnerable web applications for practice:

Damn Vulnerable Web Application (DVWA)
Vicnum
BodgeIt Store
WackoPicko
Jarlsberg

You can practice web application hacking on any or all of these, but for some reason I suggest you start with Damn Vulnerable Web Application (DVWA). Download it, read how to install it, and install it.
http://teamiha.tumblr.com
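
The missing validation and sanitization described in the post above, shown as an added example that is not part of the original post: a reflected and a stored rendering path, each written without and with output encoding, plus a check a defender can run on the generated HTML. All function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example; function names and sample inputs are hypothetical/constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case: a request parameter is echoed straight back in the response.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`; // input reaches the HTML unencoded
}
function renderSearchHardened(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored case: saved comments are rendered for every later visitor.
function renderCommentsVulnerable(comments) {
  return comments.map((c) => `<li>${c.author}: ${c.body}</li>`).join('');
}
function renderCommentsHardened(comments) {
  return comments
    .map((c) => `<li>${escapeHtml(c.author)}: ${escapeHtml(c.body)}</li>`)
    .join('');
}

// Defender's check: list opening tags in the output that the template
// itself never emits, i.e. markup that came from user input.
function unexpectedTags(html, allowedTags) {
  const found = [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return found.filter((tag) => !allowedTags.includes(tag));
}

// Constructed sample inputs (harmless probe strings).
const probe = '<script>alert(1)</script>';
const storedComments = [
  { author: 'alice', body: 'Nice post & thanks' },
  { author: 'bob', body: '<img src=x onerror="alert(1)">' },
];

console.log(unexpectedTags(renderSearchVulnerable(probe), ['p']));
console.log(unexpectedTags(renderSearchHardened(probe), ['p']));
console.log(unexpectedTags(renderCommentsVulnerable(storedComments), ['li']));
console.log(unexpectedTags(renderCommentsHardened(storedComments), ['li']));
```

Both paths fail the same way and are fixed the same way, which matches the post's point that the result does not differ between reflected and stored XSS: the fix is encoding at the point where data is written into HTML.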
 