Well, this is a simple example of an XSS-vulnerable site. It displays my cookie when I initiate document.cookie. If you know what I mean by cookies, then you will understand that you can edit cookies too. Let's explain more on this below. Note, no beef with the site owners, just an example.
For some months I have been studying more on Cross Site Scripting (XSS) and I think I need to post this.
ABOUT THE SCANNER
-Well that scanner, should get y
Lemme upload some photos of what the scanners can do.
So we are going to discuss the following:
a) Cookie Stealing
c) XSS in general and how to apply the attack
What Is a Cookie?
A cookie is a sensitive piece of data. Once you go to a site and sign up, a cookie is set to remember you. A cookie just holds data that the site can check to see if you've been there before; if you have, then it checks to see if the user and password are correct and logs you in. Picture you're at a night club: you buy a ticket and they give you a band, so you can go in and out without having to rebuy a ticket. Cookies go much farther than that, as you can see. Night clubs remember you for one night. Cookies can remember you forever.
Alerting & Spoofing
What Is XSS?
XSS, or CSS, whatever you prefer to call it, stands for Cross Site Scripting. Basically that means you inject script of any kind to make it do whatever you want. The outcome depends on what you inject. With XSS you can also steal input, such as user names, passwords and cookies. This will all be discussed, along with many examples, and this article should help you get creative with XSS.
With XSS you can execute any type of script on the client and the server. XSS isn't just executing script, but also stealing input. You set up XSS to grab the input and post it on your site in a secret file! This isn't all that XSS can do. XSS can also steal cookies. Cookies hold valuable information such as user / passwords etc...
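From the defender's side, the cookies a script can read through document.cookie are the ones set without the HttpOnly attribute. The following is an added example, not code from the original post: it parses constructed Set-Cookie header values and reports which cookies are script-readable and which lack HttpOnly, Secure or SameSite. The function names and sample headers are assumptions made for illustration.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for the
// attributes that limit what injected script can do with cookies.

// Parse one Set-Cookie header value; returns null when there is no name=value pair.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null;
  const cookie = {
    name: first.slice(0, eq).trim(),
    value: first.slice(eq + 1).trim(), // a value may itself contain '='
    httpOnly: false, secure: false, sameSite: null,
  };
  for (const attr of parts) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'samesite') cookie.sameSite = val.toLowerCase();
  }
  return cookie;
}

// Names of cookies that document.cookie would expose to any script on the page.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.httpOnly).map((c) => c.name);
}

// One finding per missing attribute, so the report can be triaged per cookie.
function auditCookies(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c) { findings.push({ cookie: null, issue: 'malformed header' }); continue; }
    if (!c.httpOnly) findings.push({ cookie: c.name, issue: 'missing HttpOnly' });
    if (!c.secure) findings.push({ cookie: c.name, issue: 'missing Secure' });
    if (!c.sameSite) findings.push({ cookie: c.name, issue: 'missing SameSite' });
  }
  return findings;
}

// Constructed sample headers, not taken from any real site.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/',
  'sid=def456; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; Secure; SameSite=Strict',
];
console.log(scriptReadable(SAMPLE_HEADERS), auditCookies(SAMPLE_HEADERS));
```

A non-session cookie such as the constructed `theme` one may be left script-readable on purpose; the finding that matters is a session identifier without HttpOnly.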
So there was this question: the file output that the stealer script picks up and pastes on the evil server with the cookies, could there be a Google dork that can help search for these outputs? Good question, right? Hehehehe...
Cross site scripting seems to be the future of web attacks, and new techniques develop every day. Good read. Will edit more later, since this was written in a hurry and I haven't explained more on the attack too, so hold on, at least I did an introduction.