Xss for Beginners by [ Mohamed Ahmed ]

Sep 13, 2017 06:02 PM
Sep 18, 2017 04:32 PM

Hi!!!

In this thread, I want to describe XSS in detail, from A to Z, for beginners.

========================================

### Xss is Css => Cross Site Scripting

To avoid confusion with CSS (Cascading Style Sheets), it is also called XSS.

This bug first appeared in 1997.

========================================

### How to use XSS.

First, we need to know what a cookie is.

If you already know, you can skip this part.

Cookies serve to store site credentials on the visitor's computer.

If you registered on the site under the nickname 'hhahahahgs', the site has saved a file with cookies on your computer, where your data is encoded.

If you are an administrator with access to the site, and I am a user who has stolen your (admin) cookies, then I can simply go to the site and the site identifies me as 'admin': I will have administrator rights.

To change cookies (substitute the stolen ones), I advise you to use CookieEdit for IE or the built-in functions in Opera and Firefox.

========================================

We have figured out what cookies are...

To intercept cookies, you need to find a place on the site where you can perform an XSS attack...

### What is an XSS attack?

XSS attacks are attacks not on the site itself, but on users of the site.

XSS is a flaw in the filter of the application.

There are passive XSS and active XSS.

What is passive XSS?

Passive XSS is XSS that requires the victim to participate directly, and it comes with specific limitations and difficulties.

Therefore, passive XSS is not highly valued.

For example, the victim has to be made to follow a poisoned link, which requires social engineering and cunning.

What is active XSS?

Active XSS is XSS that does not require any additional action from the victim: it is enough just to open the page with your XSS and the JavaScript code will be executed automatically.

Because they run automatically, they are very useful and valuable.

For example, active XSS exists in BB tags because of insufficient filtering: when you leave a message on a forum, guestbook or chat, it stays active every time the page is refreshed.
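
The BB-tag case described above, as an added example that is not part of the original post: a minimal renderer with insufficient filtering next to a hardened one that escapes all user text and accepts only http(s) link targets. The function names, the two supported tags and the sample messages are assumptions made for illustration.

```javascript
// Constructed sample forum messages (not taken from the original post).
const SAMPLES = [
  "[b]hello[/b]",
  "[b]<script>alert(1)</script>[/b]",
  "[url=javascript:alert(1)]click[/url]",
  '[url=https://example.com/" onmouseover="alert(1)]click[/url]',
];

// Insufficient filtering: BB tags become HTML, everything else passes through.
function renderNaive(msg) {
  return msg
    .replace(/\[b\](.*?)\[\/b\]/gis, "<b>$1</b>")
    .replace(/\[url=(.*?)\](.*?)\[\/url\]/gis, '<a href="$1">$2</a>');
}

// Encode every character that has meaning in HTML text or quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Allow only absolute http(s) link targets; return null for anything else.
function safeUrl(raw) {
  try {
    const u = new URL(raw.trim());
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null;
  }
}

// Hardened: user text is always escaped; only the renderer emits markup.
// Nested tags are not supported and are shown as plain text.
function renderSafe(msg) {
  const tag = /\[b\](.*?)\[\/b\]|\[url=(.*?)\](.*?)\[\/url\]/gis;
  let out = "";
  let last = 0;
  for (const m of msg.matchAll(tag)) {
    out += escapeHtml(msg.slice(last, m.index));
    const href = m[1] === undefined ? safeUrl(m[2]) : null;
    if (m[1] !== undefined) out += `<b>${escapeHtml(m[1])}</b>`;
    else if (href) out += `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(m[3])}</a>`;
    else out += escapeHtml(m[0]); // rejected link stays visible as text
    last = m.index + m[0].length;
  }
  return out + escapeHtml(msg.slice(last));
}

for (const s of SAMPLES) console.log(renderNaive(s), "=>", renderSafe(s));
```

The naive renderer lets the message author's markup reach every visitor's browser; the hardened one shows the same input as inert text, which is why output encoding belongs at the point where the message is rendered.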

### So, how to find XSS on a website.

As I wrote earlier in this forum, XSS consists of tags, and those consist of HTML and JavaScript =).

  • JavaScript can be embedded in HTML.
  • It can be encoded to bypass filters. But more on that later.

How do you know that XSS goes through on a given site?

A horrible frustration of type
