Welcome to DevilGroup - Carding Forum - Free Premium Accounts

Mr Bomb

Ethical Hacking - Cross-Site Scripting

5 posts in this topic

Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.

The attacker does not directly target his victim. Instead, he exploits a vulnerability in a website that the victim visits, in order to get the website to deliver the malicious JavaScript for him. To the victim's browser, the malicious JavaScript appears to be a legitimate part of the website, and the website has thus acted as an unintentional accomplice to the attacker. These attacks can be carried out using HTML, JavaScript, VBScript, ActiveX, Flash, but the most used XSS is malicious JavaScript.

These attacks also can gather data from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising and create DoS attacks.

Example

 

Let's take an example to understand how it works. We have a vulnerable webpage that we got from the Metasploitable machine. Now we will test the field that is highlighted with a red arrow for XSS.

First of all, we make a simple alert script:

[code]
<script>alert('I am Vulnerable')</script>
[/code]

It will produce the following output:


[img=https://www.tutorialspoint.com/ethical_hacking/images/simple_alert.jpg]
[b]Types of XSS Attacks[/b]

XSS attacks are often divided into three types:

[list]
[*][b]Persistent XSS,[/b] where the malicious string originates from the website's database.
[*][b]Reflected XSS,[/b] where the malicious string originates from the victim's request.
[*][b]DOM-based XSS,[/b] where the vulnerability is in the client-side code rather than the server-side code.
[/list]
Generally, cross-site scripting is found by [b]vulnerability scanners[/b] so that you don’t have to do all the manual job by putting a JavaScript on it like
[code]
<script>alert('XSS')</script>
[/code]

Burp Suite and Acunetix are considered the best vulnerability scanners.

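Added example, not part of the original post: the reflected and persistent cases described above, rendered once without output encoding and once with it, using the post's own alert test string as the probe. The function names, the sample comment list and the CSP value are assumptions made for this illustration.

```javascript
// Added example; all names here are hypothetical, sample data is constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stand-in for the website's database (persistent source).
const storedComments = ['Nice post', "<script>alert('XSS')</script>"];

// "Before": untrusted strings are concatenated into the markup as-is.
function renderVulnerable(query, comments) {
  const items = comments.map((c) => `<li>${c}</li>`).join('');
  return `<p>Results for: ${query}</p><ul>${items}</ul>`;
}

// "After": every untrusted value is encoded at the point of output, whether
// it came from the request (reflected) or from storage (persistent).
function renderSafe(query, comments) {
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
  return `<p>Results for: ${escapeHtml(query)}</p><ul>${items}</ul>`;
}

// Defense in depth: a response header that disallows inline scripts.
const CSP_HEADER = ['Content-Security-Policy',
  "default-src 'self'; script-src 'self'; object-src 'none'"];

// Check a reviewer or regression test can run against rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const probe = "<script>alert('XSS')</script>"; // the test string from the post
console.log('vulnerable page has live script tag:',
  containsScriptTag(renderVulnerable(probe, storedComments)));
console.log('encoded page has live script tag:',
  containsScriptTag(renderSafe(probe, storedComments)));
console.log(renderSafe(probe, []));
```

The encoder shown is for values placed in HTML element content or quoted attributes; values placed inside script blocks, URLs or CSS need encoding specific to that context.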

Someone Hacked My Gmail and I Have Monetized YouTube Account with It! And He Took 2 Step Veri On It! Can I Get Back My Gmail Is There Any Way?

[quote]Someone Hacked My Gmail and I Have Monetized YouTube Account with It! And He Took 2 Step Veri On It! Can I Get Back My Gmail Is There Any Way?[/quote]

If he changed everything, you have to contact Gmail.
