Wednesday, 29 May 2013

how to find xss cross site scripting vulnerability in website



how to find xss cross site scripting vulnerability in website xss scripting

Today we will discuss how to find Cross site scripting XSS in common website. As I am security Researcher I have found many Cross site scripting XSS Vulnerabilities in website. So cross site scripting XSS is find not a difficult task but if you are newbie so May you have face some problems to Find xss scripting in starting .
But if you read my previous article that what is cross site scripting XSS and its types then you just have idea about how to find Cross site scripting XSS. and I have also share a tutorial how to find vulnerable website so now then you have to able to find cross site scripting . So let’s start
First of all you have to find the input filed like search bar, Login page, subscribe by email and Contact us page. If you find input then we can inject over payload in the input field.

The question is that what is Payload or vector?

Payload or vector is a JavaScript code which we can insert in input field to find XSS scriptin.

So here I have taken a one example of vulnerable website

I have searched my news on website and I am searching a news for nomanramzan but as you seen in below picture no news found on nomanramzan and after that you just right click on the anywhere of website and click on View page source
 xss scripting xss


Then press CTRL + F for search nomanramzan and Note the location where the input is placed. as you seen in below picture website taken an input and search value for nomanramzan . so now the important step is that we have put out nomanramzan from “ ”
xss cross site scripting bug

Now I am going to check whether the server sanitize the input or not . If I am giving the input this <> in input field . Sometime server sanitized the code and then code look like this &lt;&gt;.

So now in this condition website server not sanitize our input and this indicate that the website is vulnerable to XSS Now finally I have put a Payload

"><img src=x onerror=prompt(1);>

In the search bar then you have seen below picture. Now it will display pop-up box. So finally we have successfully find a cross site scripting XSS
 cross site scripting vulnerability

Then again right click on website and then press CTRL + F for search for the payload "><img src=x onerror=prompt(1);> or value and finally you have checked that over payload put out from “” .
how to find xss cross site scripting vulnerability in website

Finally we have find a cross site scripting XSS vulnerability . Hopefully you enjoyed this tutorial. If you have any problem so you can comment below

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


0 comments:

Post a Comment

 

My Geek Tricks Copyright © 2011 | Template design by O Pregador | Powered by Blogger Templates