
Cross site scripting uses

<<

exeglitch

Newbie

Posts: 4

Joined: Fri Dec 23, 2011 9:23 am

Post Fri Dec 23, 2011 10:02 am

Cross site scripting uses

Hello everyone,
recently I learned some web page hacking and it went well. The tutorial covered SQL injection, brute forcing, file include / upload vulnerabilities and other stuff. Everything went well, however I still have a huge question mark on cross-site scripting.

What can you do with this kind of vulnerability?

I mean, I understand you could add JavaScript for example, but it runs only locally. I don't really see the point of adding JavaScript code that would run only on your computer. And if you manage to get someone else to click on a malicious link, wouldn't it be better to just craft a website exactly for your needs? I'm sure there's a very obvious use but I can't see it.

Please enlighten me =)
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Dec 23, 2011 10:38 am

Re: Cross site scripting uses

Hi Exeglitch,

Welcome to the site! I used to think the same thing when I was introduced to XSS. I would say it all depends on how much you can leverage it. XSS can be used to do a whole lot, such as redirecting a user's browser to a malicious URL (to inject client-side attacks, steal cookies, etc.) and a lot more.

A good tool that proves how wicked leveraging JavaScript on a victim's browser can be is The Browser Exploitation Framework from http://www.bindshell.net/tools/beef.html.

Below are a few helpful links that could help you understand it further:

Hacker Uses XSS & Google Streetview Data to Determine Physical Location

vbSEO - From XSS to Reverse PHP Shell

Browser Exploitation with BeEF

Web Hacking - XSS Part 1
Web Hacking - XSS Part 2
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

millwalll

Post Fri Dec 23, 2011 4:31 pm

Re: Cross site scripting uses

Good resources. A good example of XSS: recently I was working for a client that had XSS on their site. When I told them, they wanted me to prove it, so I crafted an attack, sent them a link and managed to steal their cookies. From this I was able to log into the admin page and have access to all their customer details.
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Fri Dec 23, 2011 6:53 pm

Re: Cross site scripting uses

I've used XSS to implement Cross Site Request Forgery. 

-Steven
BS in IT, CISSP, MS in IS Management (in progress)
<<

exeglitch

Newbie

Posts: 4

Joined: Fri Dec 23, 2011 9:23 am

Post Fri Dec 23, 2011 7:01 pm

Re: Cross site scripting uses

Jamie.R wrote:
Good resources. A good example of XSS: recently I was working for a client that had XSS on their site. When I told them, they wanted me to prove it, so I crafted an attack, sent them a link and managed to steal their cookies. From this I was able to log into the admin page and have access to all their customer details.

The big question I have is this: If you could get them to click on a link, couldn't you make them go on ANY page of your choice that would steal their cookies?

I haven't read xXxKrisxXx's pages yet but I'll make sure to do so, they seem very informative on the subject and will probably help me understand better.

Thank you.
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Dec 23, 2011 7:26 pm

Re: Cross site scripting uses

exeglitch wrote:
Jamie.R wrote:
Good resources. A good example of XSS: recently I was working for a client that had XSS on their site. When I told them, they wanted me to prove it, so I crafted an attack, sent them a link and managed to steal their cookies. From this I was able to log into the admin page and have access to all their customer details.

The big question I have is this: If you could get them to click on a link, couldn't you make them go on ANY page of your choice that would steal their cookies?


It's more likely that a user will click on a URL containing a domain they're familiar with than a URL containing a random domain. Say for example an attacker finds an XSS in Facebook.com. An attacker could use a phishing attack and send an email containing a specially crafted URL using the Facebook.com domain. Much more likely that a user would click on that than sending them a phishing email with a link to gimmeurcredentials.com.
GSEC, eCPPT, Sec+
<<

cmathiso

Newbie

Posts: 1

Joined: Thu Feb 17, 2011 4:53 pm

Post Fri Dec 23, 2011 7:34 pm

Re: Cross site scripting uses

exeglitch wrote:
Jamie.R wrote:
Good resources. A good example of XSS: recently I was working for a client that had XSS on their site. When I told them, they wanted me to prove it, so I crafted an attack, sent them a link and managed to steal their cookies. From this I was able to log into the admin page and have access to all their customer details.

The big question I have is this: If you could get them to click on a link, couldn't you make them go on ANY page of your choice that would steal their cookies?

I haven't read xXxKrisxXx's pages yet but I'll make sure to do so, they seem very informative on the subject and will probably help me understand better.

Thank you.


A large reason you might want to use a site with XSS instead of pointing someone to another malicious site pertains to trust. In other words, someone will be more likely to click on a link in an email that points to "trusted-site.com" that goes to a site that is vulnerable to reflective or persistent XSS versus clicking on "evil-site.com".

** It looks like lorddicranius beat me to the punch
Last edited by cmathiso on Fri Dec 23, 2011 7:36 pm, edited 1 time in total.
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Dec 27, 2011 12:00 pm

Re: Cross site scripting uses

It should also be noted that unless there's a bug in the web browser, it is not possible to steal cookies across websites. For example microsoft.com won't be able to read the cookies from ethicalhacker.net, even though they're stored on the same computer. Otherwise, it would be very easy to hack / steal session cookies :)
I'm an InterN0T'er
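
The cookie scoping described in the post above, as an added example that is not part of any post in this thread: a simplified model of the browser's domain matching (RFC 6265) plus the HttpOnly flag, showing which cookies a script can read depending on the page it runs in. The cookie jar and cookie names are constructed sample data, and Path and Secure handling are left out.

```javascript
// Simplified model: which cookies does document.cookie expose to a script
// running on pageHost? Covers domain matching and HttpOnly only.

// Constructed sample jar: one browser profile holding cookies for two sites.
const JAR = [
  { name: "forum_sid",   domain: "ethicalhacker.net", hostOnly: false, httpOnly: false },
  { name: "admin_token", domain: "ethicalhacker.net", hostOnly: false, httpOnly: true  },
  { name: "ms_pref",     domain: "microsoft.com",     hostOnly: true,  httpOnly: false },
];

// RFC 6265 domain-match: identical host, or host ends with "." + cookie domain.
// Requiring the leading dot stops "notethicalhacker.net" from matching.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Names of the cookies a script executing in a page on pageHost can read.
function cookiesVisibleToScript(jar, pageHost) {
  return jar
    .filter((c) =>
      c.hostOnly
        ? pageHost.toLowerCase() === c.domain.toLowerCase() // no Domain attribute: exact host only
        : domainMatch(pageHost, c.domain))
    .filter((c) => !c.httpOnly) // HttpOnly cookies are sent in requests but hidden from script
    .map((c) => c.name);
}

// Script on the site itself (which is where injected XSS script runs):
console.log(cookiesVisibleToScript(JAR, "www.ethicalhacker.net"));
// Script on an unrelated page the user was sent to:
console.log(cookiesVisibleToScript(JAR, "evil-site.example"));
// Look-alike host that merely ends with the same characters:
console.log(cookiesVisibleToScript(JAR, "notethicalhacker.net"));
```

Setting HttpOnly on session cookies keeps them out of this list even for script running in the site's own pages, which is why it is a standard hardening step alongside output encoding.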
