What is XSS?
Well, it is a way of inserting malicious JavaScript code into your page in the form of input, so that every time the page loads, the script is loaded in the web page, in the sense that the new code has been inserted into the website.
This is called cross-site scripting.
Today's tutorial is a hacking tutorial on how to do cookie stealing via a cross-site scripting vulnerability of the persistent type. This kind of vulnerability is much more dangerous than the non-persistent one, because it affects every user of the website that has this kind of persistent cross-site scripting vulnerability. This type of vulnerability can give you access to other users' accounts and even to that of the administrator who maintains the website.
To help you understand this tutorial better, I have created a simple forum using PHP and a database using MySQL. I know this forum is not user friendly and even sucks, but the important thing here is the logic of how this attack can happen in the real world.
Okay, let me introduce this simple forum first. It has 3 types of user: Admin, Registered User, and Guest (admin, user, and guest). All of these users share the same board, where they can reply to one another to hold a conversation. Every conversation is saved in the database; that's why every user can see their posting history.
Let’s start the preparation for our tutorial.
REQUIREMENTS :
1. Simple Forum HTML
STEP BY STEP :
1. I have already hosted this simple forum on a free web hosting service out there at. Because I only use 1 computer, I will separate the access between user and admin: the administrator logs in using the Google Chrome browser and the user logs in using Mozilla Firefox.
2. Then the user also logs in to the simple forum and starts the conversation.
3. The admin logs in again and replies to the user.
4. BTW, this user already knows that this simple forum website has an XSS hole where he can input some HTML tags. Now he wants to collect the cookies available over that message board.
5. The malicious user also has another free hosting account with the address attacker.loveslife.biz, where he hosts another PHP script to record all of the cookies he gets from the simple forum.
6. If you see the picture above, the malicious user put some JavaScript that refers to his hosting at attacker.loveslife.biz/trap.php.
7. When the administrator logs in to that simple forum, he will not find that anything strange has happened.
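The forum's own PHP is not shown on this page, so the following is an added example, not the author's code: it shows why a stored message containing HTML tags becomes live markup for every visitor, next to the output encoding, cookie flags and response header that close the hole. The row layout, function names and sample posts are assumptions constructed for illustration.

```php
<?php
// Constructed rows standing in for the forum's message table (assumption:
// each row keeps the author and the message exactly as they were submitted).
$posts = [
    ['author' => 'admin', 'message' => 'Welcome to the board.'],
    ['author' => 'user',  'message' => 'Hi <script>/* constructed marker */</script>'],
];

// Vulnerable pattern: the stored message is written into the page unchanged,
// so any tag saved in the database runs for every visitor, admin included.
function render_post_unsafe(array $post): string
{
    return '<p><b>' . $post['author'] . ':</b> ' . $post['message'] . '</p>';
}

// Hardened pattern: encode on output so stored tags are displayed as text.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post_safe(array $post): string
{
    return '<p><b>' . e($post['author']) . ':</b> ' . e($post['message']) . '</p>';
}

// Defence in depth for the session cookie: HttpOnly hides it from page
// scripts (document.cookie); Secure and SameSite limit where it is sent.
function session_cookie_options(): array
{
    return ['lifetime' => 0, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// A restrictive policy blocks inline scripts and requests to other hosts.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'";
}

if (PHP_SAPI === 'cli') {
    foreach ($posts as $post) {
        echo 'unsafe: ', render_post_unsafe($post), PHP_EOL;
        echo 'safe:   ', render_post_safe($post), PHP_EOL;
    }
    // In the web application, before any output is sent:
    //   session_set_cookie_params(session_cookie_options()); session_start();
    //   header(csp_header());
    echo csp_header(), PHP_EOL;
}
```

The array form of `session_set_cookie_params()` requires PHP 7.3 or later.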