I got reading some stuff as usual i ended up with some doubts ,so i decided to ask here,
I am sure most of the guys here knows about xsssqli
Similar to this is it possible to inject xss code through an sql injection?
While thinking about this it has raised some questions in my mind
1)say a web site is vulnerable to sql injection,
is it possible to inject xss code in to the sql vulnerable part and make it vulnerable to xss ?
2)Also can we Introduce All the threee types of xss like persistent,non-persistent and DOM based with this ?
3)In general Assume if a web-application is vulnerable to sqli and xss means ,what are the other possible attacks
we can introduce with those vulnerabilities (like CSRF etc)?
4)And if you like please say a few words about xss as a SERVER SIDE THREAT ,so that i can understand about it as a server side threat,because some of the ppl around me just thinks it as a client side vulnerability that can just damage to client side..
Bear with me
Im not sure about xsssqli but I do know if the sql injection is a ristricted area for a guest user to reach , you always can use XSS andf bit of javascript make a automated sql injection script and so the SQL Injection trough admin .
here is a video tut ..
http://www.youtube.com/watch?v=2b0VD4_rg8Q1. Yes you can . if a page is vulnerable to SQL Injection , You can perform a XSS with SQL Injection . for a example
"http://victime.com/page,php?id=1 union select 1,0x3c7363726970743e616c65727428226e7974666f7822293c2f7363726970743e,3,4 --"
the code
0x3c7363726970743e616c65727428226e7974666f7822293c2f7363726970743e
is in hex . pure code its
"<script>alert("nytfox")</script>"
2. It depends on the app
3. yes there is a possibility for that also . but it actually this also depends on the application
4. in to my knowledge you can't attack Server side with just XSS
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
