
CROSS SITE SCRIPTING(XSS)|ETHICAL HACKING|

 Cross Site Scripting (XSS)

 What is cross site scripting?

XSS is a vulnerability that allows an attacker to inject JavaScript code into a page. JavaScript is a programming language, and using this vulnerability an attacker is able to execute code written in JavaScript on a website. It is a client-side language, so when the code is executed it runs on the user's side (in the browser), not on the server.

Types of XSS vulnerability

  1. Persistent/Stored XSS
  2. Reflected XSS
  3. DOM based XSS

Stored XSS is stored in the database. The injected code is saved into the database or into the page, so every time any user visits that page the code is executed.

Reflected XSS is executed only when the target user opens a specific URL crafted by the attacker.

With DOM based XSS, the code is interpreted and run on the client side without interacting with the web server. These are dangerous because web servers apply some sort of security and filtration to check for XSS, and code that never reaches the server is not subject to it.

Discovering XSS

So let's discuss how to discover these vulnerabilities.
Very similar to SQL injection, the way to do this is to browse through your target and try injecting into any URL that looks similar to this:
HTTP://tatget.com/page.php?somthing=something
Whenever you see a URL with parameters, try injecting into these parameters.

Preventing XSS vulnerability

These vulnerabilities happen because whenever a user enters something into a parameter, that input is displayed in the HTML, so it is treated as part of the page; if there is JavaScript in it, the code is executed. To prevent this exploit, the best thing to do is to minimize the usage of untrusted inputs, and you can inspect the web page and change anything that you feel is suspicious.
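One common way to stop a parameter from being treated as part of the page is to HTML-encode it before it is written into the response. The sketch below is an added example, not code from the original post; the URL, the parameter name `q` and the function names are constructed for illustration. It shows the vulnerable rendering beside the encoded one.

```javascript
// Added example: constructed URL, parameter name and page template.
// Characters that let input change the HTML structure, and their entity forms.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value so the browser displays it as text instead of parsing it.
// Quotes are included so the result is also safe inside a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read one query parameter from a request URL (empty string if absent).
function getParam(requestUrl, name) {
  return new URL(requestUrl).searchParams.get(name) ?? '';
}

// Vulnerable: the parameter is copied into the HTML unchanged, so any
// markup or script in it becomes part of the page.
function renderUnsafe(requestUrl) {
  const q = getParam(requestUrl, 'q');
  return `<p>You searched for: ${q}</p>`;
}

// Hardened: the same template, but the value is encoded on output, both in
// the element body and in the quoted attribute value.
function renderSafe(requestUrl) {
  const q = escapeHtml(getParam(requestUrl, 'q'));
  return `<p>You searched for: ${q}</p><input name="q" value="${q}">`;
}

// Constructed sample request carrying markup in the parameter.
const SAMPLE_URL =
  'http://example.test/page.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

console.log(renderUnsafe(SAMPLE_URL));
console.log(renderSafe(SAMPLE_URL));
```

The encoding shown here covers HTML element bodies and quoted attribute values only; values placed inside a script block, a URL or a style need encoding for that context.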


THANK YOU 

Author- K.Sai Kiran

Tricky Hash




