1.) Many websites allow users to input data for various reasons. For example, a website with a guestbook allows users to input data into a comment field so that they may sign it. Other examples include search engines, social websites (like Myspace), e-commerce websites and forums. There are three types of Cross Site Scripting (XSS) vulnerabilities, but I will only be covering two of them:

Non-persistent (also known as reflected)
Persistent (also known as stored)

Non-persistent XSS vulnerabilities are more common. The payload is usually delivered in an obfuscated link: when the victim clicks it, the vulnerable site reflects the attacker's script back into the page, the script sends the victim's cookie(s) to a server the attacker controls and then redirects the victim back before they even know what is happening. Persistent XSS vulnerabilities are usually found in social networking websites, blogs and guestbooks. They are the most dangerous of the different types because the victim is not required to click on a link or visit a different website: the code is stored on the server and is executed automatically for everyone who loads the page.

==========================NON-PERSISTENT XSS=========================

2.) In this section of the tutorial I will be using a live website that provides a search engine for free sound files (http://www.freesound.org/searchText.php). When you come across a website, you must first check to see if it is vulnerable to cross site scripting. Let's see what the page displays when we search "XSS". As you can see, the search engine displayed our input (the keyword) in the search box and also offered an alternative word to search. One of the easiest ways to check whether a website is vulnerable to XSS is to submit text formatting tags like bold or italics. So for the next search let's enter <b><i>XSS</b></i>. Nope, our search results did not yield anything that we wanted. So, let's examine the source code and see what is going on.
<form action="http://www.freesound.org/searchText.php" method="post"><input id="searchBox" type="text" name="search" size="55" value="&lt;b&gt;&lt;i&gt;XSS&lt;/b&gt;&lt;/i&gt;" /> <input type="submit" name="submit" value="submit" />
It appears they have some protection against XSS: as you can see, our bold and italic tags were converted into HTML entities, so the browser shows them as plain text instead of interpreting them as tags.
Let's try again; this time we'll try to "break out" of the search box. The search box code is:
<input id="searchBox" type="text" name="search" size="55" value="" />
The empty value="" is where our input is placed. If we searched "Hello World!" it would read:
<input id="searchBox" type="text" name="search" size="55" value="Hello world!" />
So what happens when we search ">XSS (the double quote included)? Aha! Now something is not right on the page. "XSS" is displayed outside the search box, so let's take a look at the code this time:
<input id="searchBox" type="text" name="search" value="">XSS" size="55" />
So what happened? Well, when we searched ">XSS, our quotation mark was not encoded, so it ended the value attribute early, and the > that followed closed the <input> tag; everything after it (XSS" size="55" />) is therefore rendered as page text, which caused the code to read:
it will redirect the unsuspecting victim to meatspin.com (NSFW!!!)

5.) Many people don't think XSS is a big deal, but when it gives you the power to steal a client's cookies or deface a webpage, you come to find out that it can be a lot more dangerous than it is generally accepted to be. I hope you enjoyed this tutorial and learned something interesting!
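The breakout check from section 2, automated as an added example. This is my code, not the tutorial's and not anything from freesound.org: it models the searchBox markup the tutorial quotes and runs the two probes from the tutorial plus one extra attribute-injection probe of mine through a weak filter and through proper attribute encoding. The weak filter (encodeTagsOnly) is an assumption: the page only shows that complete tags came back entity-encoded while ">XSS did not, and never shows the server-side code, so any filter that matches both observations is a guess. The function names and the autofocus/onfocus payload are mine.

```javascript
// Added example (not from the tutorial or from freesound.org): a Node.js model
// of the search box showing why the <b><i> probe came back encoded while the
// ">XSS probe broke out of the value attribute.

// ASSUMED weak filter: entity-encodes only complete, bare tags such as <b> or
// </i>. A stray quote or '>' is not tag-shaped, so it passes straight through.
// The real server-side code is not shown on the page; this is one filter that
// is consistent with both observations in the tutorial.
function encodeTagsOnly(term) {
  return String(term).replace(/<\/?[a-z][a-z0-9]*>/gi, (tag) =>
    tag.replace(/</g, "&lt;").replace(/>/g, "&gt;")
  );
}

// Hardened encoder for a double-quoted attribute value: every character that
// can end the value, end the tag or start an entity is encoded, not just tags.
function escapeHtmlAttr(term) {
  return String(term)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The searchBox markup from the tutorial with the (filtered) term echoed back
// into the value attribute.
function renderSearchBox(term, encode) {
  return `<input id="searchBox" type="text" name="search" size="55" value="${encode(term)}" />`;
}

// What a browser treats as the attribute's value: the text up to the first
// double quote after value=". Returns null if there is no value attribute.
function reflectedValue(html) {
  const m = /value="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Reverse of escapeHtmlAttr; &amp; is decoded last so "&amp;lt;" stays "&lt;".
function decodeEntities(s) {
  return s
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// The tutorial's check, automated: does the whole term come back inside the
// attribute (true), or was part of it pushed out into raw markup (false)?
function survivesIntact(term, encode) {
  const value = reflectedValue(renderSearchBox(term, encode));
  return value !== null && decodeEntities(value) === term;
}

// Everything after the attribute's closing quote that is not the expected
// ' />' tail is attacker-controlled markup. Empty string means nothing leaked.
function leakedMarkup(term, encode) {
  const html = renderSearchBox(term, encode);
  const tail = /value="[^"]*"(.*)$/s.exec(html)[1];
  return tail === " />" ? "" : tail;
}

// Probes: the two from the tutorial, plus an attribute injection that needs
// neither '<' nor '>' and so slips past any filter that only looks for tags.
const TAG_PROBE = "<b><i>XSS</b></i>";
const QUOTE_PROBE = '">XSS';
const ATTR_PROBE = '" autofocus onfocus="alert(document.cookie)'; // mine, not from the page

for (const probe of [TAG_PROBE, QUOTE_PROBE, ATTR_PROBE]) {
  console.log(JSON.stringify(probe));
  console.log("  weak filter    intact:", survivesIntact(probe, encodeTagsOnly),
              " leaked:", JSON.stringify(leakedMarkup(probe, encodeTagsOnly)));
  console.log("  attr encoding  intact:", survivesIntact(probe, escapeHtmlAttr),
              " leaked:", JSON.stringify(leakedMarkup(probe, escapeHtmlAttr)));
}
```

The point of the two probes together is that a tag probe alone gives a false negative: the first run reports the tag probe as intact under the weak filter, exactly what the tutorial saw, while the quote probe shows the attribute being closed early. The hardened encoder reports every probe as intact with nothing leaked, because the correct fix is to encode for the attribute context rather than to recognise tags.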