Cross-Site Scripting

1、 Reflected  XSS ,we can use more sophisticated Javascript logic to collect personal information from its vitim,   we can use javascript  <script>alert(1)</script>  ,can replace the IP address ,for mopre advanced XSS attack check out Beef XSS Farmework on kali linux .

2、Stored XSS : by saving the script into a stored location through a  page ,when anyone visited the page will be infected.

3、Exploiting Stored XSS using the header

      I will intercept the page using  the Proxy tab in the Burp ,then modify the Browrse Agent with a javaScript alert and forward it to the server( using the forward button )

this is  the result of changing hte use agent if brower using XSS trick in Burp, this is a persistent XSS and every time thw admin of site visits this the page ,he will be prompted the payload

3、 DOM XSS

   looking the programming  try{document.getElementById("idUsernameInput").innerHTML="this password is for ";}catch(e){};alert(1);try{v=" ";} catch(e){alert(Error: "+message);}

    then go to the burp/docode and paste the  value there to encode it  as an url :

an then you copy the encode use of HTML to end the page=[]   you can you CTRL +F to find the key word gus

4、javaScript validation

    how over come javascript using Burp , first let changer the security  grade to the One.  in this tims  if you use javascript you we see as follow

 because the javascript validation function.an you see the script was blocked by the browser .but i can use the Burp changer the target_host , as show follow

then I change the  target_host to javaScript   as follow

5、Cross-site Request Forgery

     the setp one  is  victim :  first you must ensure the admin or he can is a super blogger.

     the setp second is  attack : use Burp to intercept the request ,copy the HTML code to another file named add_you_blog.html to lay /var/www/html/directory and started apacahe server. the victim to go to that page and click button .you can get the scession

 

posted @ 2019-01-01 22:56  疏桐  阅读(759)  评论(0编辑  收藏  举报
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();