XSS with 3 Types Full Tutorial

Hi guys to today i got some hacking tutorial for you.
Because some of our reader's give me feedback that also include hacking tutorials.
We like your FeedBack..Thanks..
So now lets comes to the subject, Today we will learn
'XSS' also known as  Cross Site Scripting

 'XSS' allows the attacker/Hacker to put the malicous code, there are most common 3 types of XSS.
1:DOM-Based XSS
2:Non-persistent XSS
3:Persistent XSS
and You can say it is a method of hacking website.
Three types are here:
1:DOM-Based : The DOM-Based Cross-Site Scripting allow the attacker/hacker to work not on a victim website but on a victim local machine:
The DOM-Based XSS exploits these problems on users local machines in this way:
 1:The attacker creates a well created malicious website
 2:The  user opens that site which is malicious.
 3:The user has a vulnerable page(Hackable) on his machine
 4:The attacker's website sends commands to the vulnerable HTML page
 5:The attacker easily gain control on the victim computer.

2:Non-Persistent :
 The non-persistent XSS are actually the most commons vulnerabilities that can be found .
 It's commonly named as "non-persistent" because it works  HTTP response from the victim website: it show a view when the webpage get the data provided by the attacker/hacker to client , automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

3:Persistent :
The persistent XSS vulnerability is similar to Non-persistent, because both works on a victim site and tries to hack users, informations & other things the difference is that in websites vulnerables to Persistent XSS the attacker doesn't need to
 provide the crafted URL to the users, because the website itself permits to users to insert fixed data into the system, lets make it easy for you , the case for example of "guestbooks". Usually the users uses
that kind of tool to leave messages to the owner
of the website and at a first look it doesn't seems something dangerous, but if an
attacker discover that the system is vulnerable can insert some malicious code in his
 message and let ALL visitors to be victim of that.
This works when the tool provided (the guestbook in the example) doesn't do any
check on the content of the inserted message: it just inserts the data provided from
the user into the result page.

Remember: I will post some tools which will help out you.
and also that how to find XSS vul. in a site.

Author: KinG_HaxoR
Blog: http://PkCyberNews.Com

SHARE

Milan Tomic

Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment

1 comments:

  1. I've been using AVG security for a few years, and I'd recommend this solution to everyone.

    ReplyDelete