XSS Holes

by **Froger** on Fri Sep 12, 2008 6:35 am ([msg=11473]see XSS Holes[/msg])

Can someone brief me up on what XSS holes are? And how to inject them? Ive been looking for hours and just dont see how they can be useful. You can pm me or just post it on here so everyone can see.

Thanks to whomever helps out.

XSS basically means that I can put my JavaScript or HTML code on your website. That's not good.
There are two types of XSS: stored XSS and normal XSS.
Normal XSS is bad enough, stored XSS is awful.
Take a look at this: http://www.fujifilm.co.uk/search/search ... rch=Search
That is normal XSS.
I can't get an example of any stored XSS because I've only seen one example of it, and I reported it and it's now fixed. However, stored XSS is where the code you place on their website is stored - i.e. in a comments box, or a post on a forum. The implications of this are simple: you do not have to be tricked into visiting that webpage.

Now what's up with XSS?
Well say I emailed you - pretending to be PayPal - and said "blah blah blah visit our website - payypal.com and sign in etc", you would be able to tell that is a fake email, due to "payypal.com".
Now if I sent you the same email but with a link to paypal.com/[XSS String], you would find it much harder to tell the difference and as soon as you click the link, your login cookie is stolen or you're given a fake login page etc.

I know this isn't a particularly good explanation but I will be writing an article on it soonish, with pictures etc.

Hope this helped.
thedotmaster

by **Froger** on Mon Sep 15, 2008 2:44 pm ([msg=11787]see Re: XSS Holes[/msg])

Dude you rock. This is exactly the kind of answer I was looking for. Thank you. Your answer is much appreciated.

Froger wrote:Dude you rock. This is exactly the kind of answer I was looking for. Thank you. Your answer is much appreciated.

No problemos.

by **Froger** on Sat Oct 04, 2008 11:17 am ([msg=13106]see Re: XSS Holes[/msg])

Well ive come a long way since I created this thread. If admins want they can delete it. Now im studying up on SQL. I know the language and know how to use injection methods. As for finding sites vulnerable thats a different story.

Froger wrote:Well ive come a long way since I created this thread. If admins want they can delete it. Now im studying up on SQL. I know the language and know how to use injection methods. As for finding sites vulnerable thats a different story.

Thing about SQL injection is you must know SQL. A lot of people try to get away with injecting SQL they found on the internet and while occasionally this may work, it won't work all the time and it's rather skiddyish.
The bit of SQL that's always thrown around (' OR 1=1--), not including brackets, practically never works. However, I do find it useful for finding vulnerable inputs. If an input field is vulnerable, it will spit back an error if you type that in. Most of the time, anyway. The error will probably be something like "Error in SQL syntax".

But yep, the best thing to do is learn SQL. Not just SQL injection.
(And I've just noticed you say you know the language. Good.)