Hey guys, welcome to another episode of NetSecNow. Today we're going to discuss a little bit more about web pentesting. I know in the last video we went over some very basic SQL injection stuff; we used sqlmap a little bit and I showed you how to test for very basic input validation vulnerabilities, stuff like that.

So today we're going to talk about cross-site scripting, commonly referred to as XSS, as most people in some circles call it, and basically what that is and what it means.

The easiest way to explain it is that it's input validation, much like a SQL injection on a web page, but this has to deal with forms. Now there's two types of XSS vulnerabilities: there's reflective and then there's persistent. The reflective one, think of it as computer memory, right? When you have stuff in computer memory not saved to your hard drive, if you shut your computer off all that stuff goes away; you lose all that, right? So a reflective attack means that if you go to some sort of form and it's vulnerable to an XSS or cross-site scripting vulnerability, you would enter in some evil code. Most of the time, 9 out of 10 times I guess you could say, you use JavaScript. You could do stealing cookies, session hijacking, all that good stuff, and we'll get into that in later videos, but for today I'm just going to explain how it works and show you a couple of examples.

So anyway, with the reflective attack, basically you put some evil JavaScript in there, and if it's vulnerable and injectable and it accepts it, at that point you can pass that URL over to some user via a phishing scam or email deal and get them to click on that and steal their credentials, or redirect them to another web page, or you could even do some crafty stuff and overlay another login box on top of the original login box, and this way when they logged in it would send those credentials to you.

So we'll get into that again in other videos. Now that's a reflective attack, and the other attack is persistent, and that's exactly what it means: it's persistent. That means you're actually able to inject code into a website and it actually writes it to the website, so this way any time somebody else visits the web page they are forced to run that code without knowing it. Now this is usable mostly on some kind of forums, shout boxes, comments, stuff like that.

There's a lot of good web pages out there; WordPress does a pretty good job of preventing that kind of stuff, but for those out there that are using free scripts they downloaded from somewhere, or wrote their own and don't have the knowledge for input validation, they may be vulnerable. And to be honest with you, XSS attacks or cross-site scripting attacks are very common and very hard to prevent, so they are also very, very, very dangerous. They're probably a little bit more dangerous in some cases than SQL injections.

So without further ado, let's get into our Kali Linux box here. You don't need

any special tools for this, guys. This web page I have up here is called DVWA for short, or in long it is Damn Vulnerable Web App. Now this is really pretty much just a web application; we'll make a video on installing this as a lab, but it's basically a lab where you can test some of your web pentesting skills on. Now there's other ones out there too, made by OWASP, and we'll get into that in another video; that one's a little bit more advanced. This will work for what I'm trying to show you in this exercise. So, as I said, the vulnerability is reflected cross-site scripting. Now there's a couple

of different ways to test this. You can write JavaScript if you wanted to; I like to be more covert and just write in some HTML code. So if I did h1 for a heading, and I'm just going to use the example I already have in here, hi, I can actually make that happen and post it. Now here's the thing: it may come up as a heading, or the internal coding of the website may make the results appear as with an h1 tag, using CSS or something like that. The other way to do it is to make two of them and make one bold. So for instance, if I went ahead and just made this bold and put this in here, and then I just did space world, hi should be in bold and world should be in regular text. I like to do that just in case, like I said, they're using some sort of CSS for their output, whereas you may not be able to tell if it's vulnerable or not. So let's go ahead and click Submit, and there it says hello, which is prepended; that's hard-coded into their script. And hi, of course, is in bold because we put the bold HTML tags around it, and world is just regular; it is not bold. So we know that this is vulnerable to a cross-site scripting attack.

Now if you were to inject some evil code in there, let's just write some quick JavaScript here. I already got one saved in there, and if we were to go ahead and do that and hit Submit, we'll get a pop-up box here, an alert box saying hello. Now here's the thing: once you click OK it kind of goes away, but you can see here it's now in the URL, because the name parameter here is vulnerable to the XSS injection. So now, of course, as we said earlier, you would take this link and send it on over to whoever you're trying to get to click your link, steal their credentials, cookies, session data, all sorts of things like that, redirect them to a different web page, whatever. There's endless possibilities with that, guys, and we will get into that too. It does not hurt to know a little bit of JavaScript and a little bit of HTML for some testing.

So that pretty much covers reflected cross-site scripting attacks. Now we're going to get into the XSS persistent or XSS stored attacks. Okay, now again, this will be useful on a comments box, a shout box, any kind of news articles, something where you could submit your data for other users to see, okay? So it may work on some older forums; it may work on some newer forums that have an XSS vulnerability in it. You don't know until you try it, right? Or you do a web pentest, and we'll get into some of those tools in other videos too. I'm going to show you guys how to use things like Vega, OWASP's Zed Attack Proxy or ZAP, and then we're going to be
