- Back to Home »
- hacking , website , xss attack »
- XSS ATTACK
Posted by : Unknown
April 06, 2014
How to Find XSS Vulnerabilities:-
To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.
Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.
Basics of XSS:
Well now lets start learning some Actual Methods, the most common used XSS
injection is :
<script>alert("ASHACKS")</script>
now this will alert a popup message, saying "ASHACKS" without quotes.
So,use "search.php?q=" and you can simple try the following on a website with the
same thing,
http://website.com/search.php?q=<script>alert("ASHACKS")</script>
There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :
http://website.com/search.php?q=<br><br><b><u>ASHACKS</u></b>
if you see the bold text on the page and newlines then you knows its vulnerable.
Example:
To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.
Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.
Basics of XSS:
Well now lets start learning some Actual Methods, the most common used XSS
injection is :
<script>alert("ASHACKS")</script>
now this will alert a popup message, saying "ASHACKS" without quotes.
So,use "search.php?q=" and you can simple try the following on a website with the
same thing,
http://website.com/search.php?q=<script>alert("ASHACKS")</script>
There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :
http://website.com/search.php?q=<br><br><b><u>ASHACKS</u></b>
if you see the bold text on the page and newlines then you knows its vulnerable.
Example: