Journal Entry One - February 28th 2005 - XSS Part One

Started by Phlux, February 28, 2005, 04:46:05 AM

As I have previously stated, my interests lie in hacking into a website and changing content. I must first state that this would in no way, shape or form be to destroy the work of the respected owner. This is for pure knowledge. Step back a few years when - to me - Hacking = Sub7... then yes, I would have tried to take down Microsoft for the fun of it (well, that still sounds like a good idea), but I want to get into talking about cross-site scripting, not to be confused with CSS programming; the underground term is simply dubbed XSS.

XSS exploits work on the dynamic content of webpages, which allows customizable control to be added, much like this forum. The opposite of this type of site would be called a static site: simple, basic HTML.

The reason this exploit works is the fact that "untrusted" content can be introduced into the site. I take that as: the dynamic content is considered a variable, and if you know how to tweak that variable you can come out "on top" with all sorts of information about the user who is accessing the page.

The tweak that I am speaking of is JavaScript, and once refined it could be considered malicious script.

"An attacker who can convince a user to access a URL supplied by the attacker could cause script or HTML of the attacker's choice to be executed in the user's browser. Using this technique, an attacker can take actions with the privileges of the user who accessed the URL, such as issuing queries on the underlying SQL databases and viewing the results and to exploit the known faulty implementations on the target system." - Referenced Website

As I paste that quote, it reminds me to insert this quote: Keep your friends close and your enemies closer. By that I mean I found all this information so far on a website that is talking about how to protect yourself. I didn't get it off of a site whose address is www.howtohack.com/everythingyou'veeverwantedtoknow.html

Actually, to excite my curiosity - which is why we have these hobbies - I searched for "How To Hack a Website". I found a result on a message board that told Windows users to open up command prompt/DOS and type "deltree c:\windows"; the person who posted that message said that command would clear your log files. I typed it in, knowing it would be a yes or no answer, and it said... Do you wish to delete the "c:\windows" directory? So be cautious when listening to people giving hack advice... they may be victims of attacks and are seeking revenge or amusement.

<A HREF=http://legitimatesite.com/registration.cgi?clientprofile=<SCRIPT>malicious code</SCRIPT>>Click here</A>

The above is an example of a malicious script. I believe every letter character that can possibly be typed also has a mirror character in the form of ASCII. For example, if you ever type "Bronx Zoo" in a search query, the URL will be http://www.google.com/etc etc=Bronx%20Zoo. That's because %20 = a space in ASCII form. So if you are going to put malicious script in a link, take advantage of that and reassign the letter values to the numerics.

"When an unsuspecting user clicks on this link, the URL is sent to legitimateSite.com including the malicious code. If the legitimate server sends a page back to the user including the value of clientprofile, the malicious code will be executed on the client Web browser." - Referenced Website

In simple terms, it sends an actual website link, and that legit website is what shows up in their browser... BUT added/attached to it is code to further complete the obligations of the "ATTACKER", which can be, but is not limited to, stealing cookies and sending unauthorized requests without the "VICTIM'S" knowledge.

My next post will continue from where I left off, talking more about XSS and possibly ways to detect and successfully find exploits, after I gather and reassess new information.

P.S. Referenced Website: http://www-106.ibm.com/developerworks/security/library/s-csscript/
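The reflection the entry describes, shown as an added example that is not from the post or from the referenced IBM article: a small Python stand-in for the registration.cgi handler (hypothetical, constructed for this entry) decodes the clientprofile parameter from the link and either writes it straight into the page, reproducing the flaw, or HTML-escapes it first. The sample URL is constructed, with the payload percent-encoded the way a browser would send it, which also shows that the %20-style encoding discussed above is undone by the server before the value reaches the page, so encoding neither creates nor prevents the problem; escaping on output does.

```python
"""
Reflected XSS on a minimal CGI-style handler (constructed example).

render_unsafe() reproduces the flaw from the entry's link: the untrusted
clientprofile value is concatenated into HTML.  render_safe() is the fix:
the value is HTML-escaped, so it is displayed as text instead of parsed as markup.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample link with the same shape as the one in the entry.
# The browser percent-encodes the payload before sending it to the server.
SAMPLE_URL = (
    "http://legitimatesite.com/registration.cgi"
    "?clientprofile=%3CSCRIPT%3Emalicious%20code%3C%2FSCRIPT%3E"
)


def profile_from_url(url: str) -> str:
    """Extract and URL-decode clientprofile, as any CGI library would do."""
    query = urlsplit(url).query
    values = parse_qs(query).get("clientprofile", [""])
    return values[0]


def render_unsafe(profile: str) -> str:
    """Vulnerable: untrusted input goes into the page unchanged."""
    return f"<html><body>Welcome back, {profile}!</body></html>"


def render_safe(profile: str) -> str:
    """Fixed: <, >, &, and quotes are escaped, so no new tags can be introduced."""
    return f"<html><body>Welcome back, {html.escape(profile, quote=True)}!</body></html>"


# Crude check used only to compare the two renderers: does the output
# contain a live <script> tag?  Not a substitute for escaping in production.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(page: str) -> bool:
    return SCRIPT_TAG.search(page) is not None


def demo() -> dict:
    """Run the sample link through both renderers and report the outcome."""
    profile = profile_from_url(SAMPLE_URL)
    return {
        "decoded": profile,
        "unsafe_has_script": contains_script_tag(render_unsafe(profile)),
        "safe_has_script": contains_script_tag(render_safe(profile)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it prints the decoded payload, True for the unsafe renderer and False for the safe one. The decoded value is identical in both cases; the only difference between a working injection and harmless text is whether the server escapes the value at the point where it is written into HTML.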
