Saturday, 4 January 2014

Welcome, guys. In this tutorial I am going to cover the very basics of XSS. We will learn why and how a site becomes vulnerable to XSS.

Let's start with the basic concept of IT, which is taking an input and showing an output. Consider a basic program which takes your name as input and shows the output "Hello yournamehere".

So if a user enters "ZEN" as input, the output will be "Hello ZEN".

But what if someone enters "ZEN You got pwned!!" as input? Then the output will be "Hello ZEN You got pwned!!". In the same manner, web input functionality is abused by passing malicious input that injects unexpected output. So now we will see how a basic XSS works.

There are many ways a web page takes input: GET, POST, headers, cookies, etc. We will start with the most basic one, which is GET. Use the URL below for this tutorial.

http://training.bsnl.co.in/main_module/course_directory_search.asp?selected_c_institute_cd=TINST_3&selected_year=2014&course_string=zen

Okay, the first thing we can see in the URL is "course_string=zen", which means the page is taking an input using GET. Let's check whether the input is reflected in the source code. Look at the source code of the page and you will see "value="zen">". Since our input is used in the source code, we will first close the double quote and then the tag using ">, and then add our injection. So let's try one.

http://training.bsnl.co.in/main_module/course_directory_search.asp?selected_c_institute_cd=TINST_3&selected_year=2014&course_string=hello"><script>alert("XSSed By Zen")</script>

And our alert gets injected. This is how a basic XSS is done. We will move on to more complex examples soon.
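Why the reflection breaks out of the attribute, and how output encoding stops it, as an added example that is not part of the original post. The input-field template and the function names are assumptions (the post only shows that the parameter is reflected as value="zen">); the input is the string from the URL above.

```python
import html
from html.parser import HTMLParser

# Assumed template: the post only shows the parameter landing in value="...">
TEMPLATE = '<input type="text" name="course_string" value="{}">'

def render_vulnerable(course_string: str) -> str:
    """Reflect the GET parameter into the attribute unchanged (the behaviour the post describes)."""
    return TEMPLATE.format(course_string)

def render_escaped(course_string: str) -> str:
    """HTML-encode &, <, > and both quote characters before reflecting the value."""
    return TEMPLATE.format(html.escape(course_string, quote=True))

class TagCollector(HTMLParser):
    """Record every start tag seen and the value attribute of the <input> element."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")

def parse(markup: str) -> TagCollector:
    """Parse the rendered markup the way a browser would tokenize it."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector

# The course_string value from the tutorial URL
PAYLOAD = 'hello"><script>alert("XSSed By Zen")</script>'

if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("escaped", render_escaped)):
        result = parse(render(PAYLOAD))
        # vulnerable: the parser sees a separate <script> element
        # escaped: only <input>, with the whole string kept as its value
        print(name, result.tags, repr(result.input_value))
```

With encoding applied, the quote can no longer end the attribute, so the whole string stays inside value and is displayed as text instead of being parsed as markup.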
