
Exploiting XSS with BeEF: Part 1

May 7, 2015 10:50 AM
May 7, 2015 11:01 AM

BeEF is an XSS-exploiting framework that lets you "hook", or gain control of, victim web browsers. In this first part on XSS exploitation, we will work on finding an XSS-vulnerable website. We can do this simply by Google Dorking.

How It Works

XSS is caused when a website "reflects" user-supplied code back to the user because it didn't recognize the input as something the browser would run. This can be done through GET or POST HTTP requests.

Find the Website

You can find websites with potential vulnerabilities by using inurl:.com:search.asp. This searches for all websites with a .com TLD and a search.asp page. It doesn't have to be .com, but those kinds of websites are more likely to be vulnerable than a .gov website, right? Here is something similar to what you should see (for privacy reasons, I covered the names):


Check to See if It's Vulnerable

Next, open that webpage and search using a simple script. It would look like . If the webpage is secured, you will see this:


But if it is vulnerable to XSS, you will get a little pop-up:


This happens because the website doesn't sanitize your search input. There are various other tests, but this is the simplest and easiest way.
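To make the "doesn't sanitize your search" point concrete from the site owner's side, here is an added example (not from the original article) of a search page that reflects the term as-is, next to a version that encodes it at output. All function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example, not the article's code. Names are hypothetical.

// Vulnerable: the search term is pasted into the HTML unchanged, so any
// markup inside it becomes part of the page the browser parses.
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Encode the five characters that can change the parsing context in
// element content and quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: same page, with the term encoded at the point of output.
function renderResultsSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Defence in depth: headers that stop inline script from running even if
// an encoding call is missed somewhere else in the application.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Regression check for a test suite: does the rendered page contain the
// marker string unencoded?
function reflectsRawMarkup(render, marker) {
  return render(marker).includes(marker);
}

// Constructed sample input: harmless markup plus every special character.
const SAMPLE = `<em>probe</em> & "q" 'x'`;

console.log('unsafe reflects raw markup:', reflectsRawMarkup(renderResultsUnsafe, SAMPLE));
console.log('safe reflects raw markup:  ', reflectsRawMarkup(renderResultsSafe, SAMPLE));
console.log(renderResultsSafe(SAMPLE));
```

Encoding belongs at the point of output and must match the context (HTML body, attribute, URL, or script); the function above covers only element content and quoted attribute values.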

Conclusion

Now you know just how easy it is to find an XSS-vulnerable website. In the next tutorial, we will discuss how to exploit these vulnerabilities further with BeEF.

C|H of C3
