Wednesday, 24 September 2014

Learn Cross Site Scripting Vulnerability & Exploit (XSS)


Hello guys, after a short break I'm back with a post on XSS (Cross Site Scripting). Today I'm going to explain how Cross Site Scripting works, how to prevent it, and how to understand XSS vulnerabilities and exploits. Many of you may not have understood XSS exploits properly, so let's create, explore, learn and exploit.



Cross Site Scripting (XSS)

Well, you might have heard a lot about XSS. It is one of the easiest and most common web application vulnerabilities: it allows an attacker to inject his own script into the web pages the site serves and have it run, which is really very dangerous. XSS can be used to deface a website, hijack the admin, steal session cookies, modify the web server and web pages, etc.


* A simple explanation of XSS:

Suppose you create a website using web programming languages like HTML, JavaScript or PHP, and you put one input box on your web page saying: Please enter your name. When a normal user enters his name, say Vivek, your web page reflects that name back to the user and says: Hello, Vivek. Right? (Make sure you understand this example properly; it also requires some knowledge of HTML and JavaScript.)


And what if an attacker visits your web page and injects a script or an HTML tag? Suppose your web page has no WAF protection (WAF: Web Application Firewall, which prevents XSS and SQLi attacks by filtering the strings you submit into harmless characters). Then that script simply executes in the web page and the attacker is able to run his own script in your web pages. So let's learn more about XSS.



Cross Site Scripting tutorial with Programming

Okay guys, let's explore Cross Site Scripting in more depth and detail. You should know HTML, and a little bit about JavaScript, PHP and the HTTP architecture.


Part 1. Programming & Understanding Reflected XSS Vulnerability.


* Here I'm using the DVWA (Damn Vulnerable Web Application) pentest lab to show you this tutorial with a complete explanation of the programming and the vulnerability exploits. I'd recommend that you use DVWA too to follow along.


* Start your DVWA lab, click on XSS Reflected and keep the security level on Low; for the medium and high exploits we'll increase it.


1. First of all, you can see that it gives us one box asking: What's your name? If you enter your name it reflects it back to you and says: Hello, Vivek. Try it. Also remember one thing: in XSS, always check the URL to identify XSS.


2. Now enter one HTML tag like this: <Hunt> and see what it does. Right-click on the web page, click View Page Source, and search for Hunt. If you see the same text <Hunt> in the page source, the website is vulnerable to XSS.


3. Now you can see that the web page accepted that HTML tag, which means we can inject our own script into the web page and the page has no WAF protection. So now let's use some evil mind :D and use a script that proves this web page is really vulnerable to XSS. Basically we always use the JavaScript <script>alert("XSS")</script>.


4. You got a pop-up saying XSS, which means the website is vulnerable. Can you understand why it happens? Okay, now open the source code of this page. Go to C:\xampp\htdocs\dvwa\vulnerabilities\xss_r\source, open the low.php file and try to understand how it works.


5. You can see straight away how it works: it doesn't contain any kind of protection against XSS and HTML injection, which is the reason the website is vulnerable to XSS. Now let's try something harder. Open DVWA and change the security level to Medium, and do the same thing: enter <Hunt> to check whether it is vulnerable or not.


6. Now you can see this is also vulnerable. Let's try the same script that we used to pop up the XSS window at the low security level, <script>alert("XSS")</script>, and submit it.


7. Hey mate, you were sure that the website is vulnerable to XSS since it accepted the HTML tag <Hunt> into the web page, so why didn't the XSS box pop up? Okay, once again look at the page source.


8. Okay, now the website stripped our HTML tag <script> and removed it from the source code, which means the website is using some kind of protection against XSS. Let's try something new :D Just enter this script and I'm sure you'll get the XSS pop-up: <Script>+alert('XSS')</script>.


9. Now you'll wonder what happened. The website is using a filter to strip our strings. Go to the same location C:\xampp\htdocs\dvwa\vulnerabilities\xss_r\source, open the medium.php file and compare it with low.php to understand how it stripped your string and protected the web page from the first script. You'll see that it contains one more statement that blacklists the string <script>: when someone enters it, the website automatically removes that string and stays protected from the script tag. This technique is often used in web apps to protect pages against XSS.


10. So that was the reason: the website stripped our code, so we used <Script> instead of <script>! We can also call this a blacklist: a list of strings that the web application blocks.


11. So you might ask: how can we protect our web page against XSS attacks? Let's look at the high level and we'll find the answer. Increase the security level to High, do the same thing using the <Hunt> method, and view the page source.


12. Now look into the page source: this is the biggest challenge for hackers, getting an XSS pop-up at the high level. It's really very hard; you can try as much as you can. This is called a WAF: the web application uses an HTML filter that converts your strings into HTML character entities, so no one is able to inject a command into the web page and there is no XSS vulnerability. Finally you'll see that it neutralises all our scripts and we're not able to inject our command into the web page source. Explore the high.php file from the same location and you'll see it is protected by htmlspecialchars, which encodes every string and tag that is related to HTML.
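As an added example (not DVWA's own source), here are three small PHP functions that reflect the name parameter the way the low, medium and high pages described above behave, plus a check of which of the post's inputs still reach the browser as live markup. It illustrates both the simple "Hello, name" reflection from the explanation at the top and the three filter levels walked through in steps 1 to 12.

```php
<?php
// Added example, not DVWA's own code: three ways a PHP page can reflect the
// "name" parameter, mirroring the low / medium / high behaviour described above.

// Low: the value is echoed as-is, so any tag the user submits becomes live markup.
function reflectLow(string $name): string
{
    return '<pre>Hello ' . $name . '</pre>';
}

// Medium: a blacklist that removes one exact spelling of the opening tag.
// str_replace() is case-sensitive, so "<Script>" passes straight through.
function reflectMedium(string $name): string
{
    $name = str_replace('<script>', '', $name);
    return '<pre>Hello ' . $name . '</pre>';
}

// High: output encoding. Every character with meaning in HTML (< > & " ')
// becomes an entity, so the browser displays the text instead of parsing it.
function reflectHigh(string $name): string
{
    $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return '<pre>Hello ' . $name . '</pre>';
}

// Does the response still contain a raw (unencoded) opening tag from the input?
// Case-insensitive, so it also catches the mixed-case variant.
function containsRawTag(string $html): bool
{
    return preg_match('/<(hunt|script)\b/i', $html) === 1;
}

// Constructed inputs: a normal name plus the three probes used in the post.
$inputs = [
    'Vivek',
    '<Hunt>',
    '<script>alert("XSS")</script>',
    "<Script>+alert('XSS')</script>",
];

foreach ($inputs as $input) {
    printf("%-32s low: %-4s medium: %-4s high: %s\n",
        $input,
        containsRawTag(reflectLow($input)) ? 'RAW' : 'ok',
        containsRawTag(reflectMedium($input)) ? 'RAW' : 'ok',
        containsRawTag(reflectHigh($input)) ? 'RAW' : 'ok');
}
```

Run it with the PHP CLI: the lowercase script tag is 'ok' only at medium and high, the mixed-case tag and <Hunt> are 'RAW' at low and medium, and every input is 'ok' at high because the angle brackets are encoded rather than removed.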


So you now understand a little bit about XSS vulnerabilities and exploitation. We'll learn more advanced techniques in an upcoming post, so please stay tuned, keep sharing, and help us grow.


Feel free to comment, ask your questions, and please share it :)
