how to find xss cross site scripting vulnerability in website xss scripting
Today we will discuss how to find Cross site scripting XSS in common website. As I am security Researcher I have found many Cross site scripting XSS Vulnerabilities in website. So cross site scripting XSS is find not a difficult task but if you are newbie so May you have face some problems to Find xss scripting in starting .
But if you read my previous article that what is cross site scripting XSS and its types then you just have idea about how to find Cross site scripting XSS. and I have also share a tutorial how to find vulnerable website so now then you have to able to find cross site scripting . So let’s start
First of all you have to find the input filed like search bar, Login page, subscribe by email and Contact us page. If you find input then we can inject over payload in the input field.
The question is that what is Payload or vector?
Payload or vector is a JavaScript code which we can insert in input field to find XSS scriptin.
So here I have taken a one example of vulnerable website
I have searched my news on website and I am searching a news for nomanramzan but as you seen in below picture no news found on nomanramzan and after that you just right click on the anywhere of website and click on View page source
Then press CTRL + F for search nomanramzan and Note the location where the input is placed. as you seen in below picture website taken an input and search value for nomanramzan . so now the important step is that we have put out nomanramzan from “ ”
Now I am going to check whether the server sanitize the input or not . If I am giving the input this <> in input field . Sometime server sanitized the code and then code look like this <>.
So now in this condition website server not sanitize our input and this indicate that the website is vulnerable to XSS Now finally I have put a Payload
"><img src=x onerror=prompt(1);>
In the search bar then you have seen below picture. Now it will display pop-up box. So finally we have successfully find a cross site scripting XSS
Then again right click on website and then press CTRL + F for search for the payload "><img src=x onerror=prompt(1);> or value and finally you have checked that over payload put out from “” .
Finally we have find a cross site scripting XSS vulnerability . Hopefully you enjoyed this tutorial. If you have any problem so you can comment below
Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com
0 comments:
Post a Comment