How to Do XSS and Resolve it in a Website (Part 1)
Assalam-o-Alikum !!!
It's An0n 3xPloiTeR !!!
Today I am going to show you how to do XSS on sites, and in the other part I'll show you how to resolve XSS.
But this one is only about how to make XSS in sites.
So first of all, you need to know HTML, CSS and PHP for this process, and if you don't know them, I'd prefer you to use
Okay, and if you know them very well, let's start :)
First of all, we simply create a form which asks for your name and then prints it.
So let's start.
Let me tell you that I am using the GET method to get the data from the remote side (user) to the server side (server).
The HTML code for this will be:
<form action="" method="GET">
<input type="text" name="name" placeholder="Your Kind Name Here" size="15" />
<input type="submit" name="submit" value="Submit" />
</form>
Because we are using the GET method, the method attribute is:
method="GET"
Now let's save it and open it using XAMPP on localhost or 127.0.0.1.
For this you need to have XAMPP installed. I already have it installed; if you don't have it installed, try googling it :D
So our HTML code will produce this kind of result :)
Now if you enter anything and submit it, the page will refresh and do nothing.
So, according to the topic, we are going to make a site vulnerable to XSS attacks.
So let me write the PHP code for that.
It's a simple PHP code, and I am not going to add anything special that enables XSS; no one writes code to let anyone do XSS on his site. He/she just makes a simple site and sits blissfully.
So I am going to write a simple PHP code that will echo out (print out) whatever I write in the box.
So that'll be:
<?php
// Deliberately vulnerable: echoes the "name" parameter back without any output encoding
if (isset($_GET['submit'])) {
    $name = $_GET['name'];
    echo $name;
}
?>
Okay, as you saw, it will echo out anything you give it.
So let's save it along with the HTML code we wrote.
It'll look like this:
Okay, now let us open it in the browser and type anything there. In my case I'll type:
hye there
Now let's submit it and see the result :D
Okay, so this is the result :D
Now let me simply enter some HTML code that will show itself on the page.
Code:
<center><font color="red" face="cursive" size="200%">This Site is Vuln to XSS</font></center>
Okay, so now let us put this code in the box and submit it.
So this will be the result of that.
Now let us trigger a prompt using JavaScript code, which will be:
<script>alert("This site is vulnerable to XSS");</script>
Okay, so if you enter this in the box, nothing will appear, because I am currently using the Chrome browser. Let me change to Firefox, because Chrome doesn't show the prompts we do in XSS, so it's not so good to use while doing XSS.
Let's open Firefox, enter this code in the box and submit it.
So we got a prompt in the Firefox browser.
If you have noticed, while we are using the GET method the code we write appears in the URL, but with the POST method we can't see anything, so we can minimize XSS attacks by noobs by using the POST method. But some elite haxors can use a widget or add-on to POST it.
So let's proceed to the POST method; in the last part I'll tell how to make a site safe from XSS :)
Now we are simply going to use the POST method instead of the GET method, so let's change the code which we wrote :)
Our code will look like this if we change GET into POST:
<form action="" method="POST">
<input type="text" name="name" placeholder="Your Kind Name Here" size="15" />
<input type="submit" name="submit" value="Submit" />
</form>
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
echo $name;
}
?>
So now let's type anything and submit it.
Okay, if you see the screenshot, nothing appeared in the URL or anywhere.
Why?
Because we are now using the POST method; with the POST method nothing comes in the URL :)
It posts it directly to the site, which we can't see, but if you use Burp Suite, Tamper Data or any other modded add-on like the one you've seen in the screenshot, we can also see the POST data sent to the site. Just click on the POST button:
As you can see, nothing came up in the POST data box, but if we click on Load URL:
And now, clicking on it, we get the POST data as:
So the data appeared in the POST box. Now let us simply change it in the POST box and add the HTML code we wrote:
<center><font color="red" face="cursive" size="200%">This Site Is Vulnerable to XSS</font></center>
Okay, so now let's submit it in the box or in the POST data box:
And click on Execute; we will get the result on the page again, as above.
So this was the POST and GET method XSS that I described, and it is reflected XSS.
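The handler from this walk-through beside an output-encoded version, run over the two inputs used on this page (an added example, not the author's code; the function names and the sample request arrays are constructed for illustration). It shows that the fix is encoding at output with htmlspecialchars(), whichever of GET or POST carried the value:

```php
<?php
// Added example, not the tutorial author's code. Function names are hypothetical.
declare(strict_types=1);

// The tutorial's handler, same behaviour: the value is returned unencoded.
function render_name_vulnerable(array $params): string
{
    return isset($params['submit']) ? (string) $params['name'] : '';
}

// Hardened form: encode for the HTML body context right before output.
function render_name_safe(array $params): string
{
    if (!isset($params['submit'])) {
        return '';
    }
    $name = $params['name'] ?? '';
    if (!is_string($name)) {   // name[]=x arrives as an array; reject it
        return '';
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests carrying the two inputs shown on this page.
// The same array shape stands in for $_GET or $_POST: the method makes no difference.
$samples = [
    'GET'  => ['submit' => 'Submit',
               'name'   => '<script>alert("This site is vulnerable to XSS");</script>'],
    'POST' => ['submit' => 'Submit',
               'name'   => '<center><font color="red" face="cursive" size="200%">This Site Is Vulnerable to XSS</font></center>'],
];

foreach ($samples as $method => $params) {
    echo "[$method] raw:     ", render_name_vulnerable($params), PHP_EOL;
    echo "[$method] encoded: ", render_name_safe($params), PHP_EOL;
}
```

Run with `php` on the command line: the encoded lines contain `&lt;`, `&gt;` and `&quot;` entities, so a browser displays the input as text instead of parsing it as markup.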
In the next part I am going to explain how to remove and minimize XSS from your site :-)
Thanks for Reading !!!