ImaginarySuperHacker

The worst one can do with XSS?

7 posts in this topic

I found an XSS vulnerability in a certain forum software.

I was wondering what's the WORST someone can do with XSS, and can you provide an example?

I don't want to hear cookie stealing, redirecting, or simple things like that. I want to hear advanced stuff :D


Cookie stealing, redirecting, and defacement are the main uses for XSS. I mean, you can create a worm, but with no payload there really isn't any use for it.


Making requests to internal IP addresses iz purty fuqn pheerless. :cool:


Since you can make other users run JavaScript, you could use it to run another browser plug-in/ActiveX exploit (Adobe Shockwave, PDF, IE 7 DirectShow, etc.) and force them to download your program/spyware/virus/trojan/you get the idea.

You could run a JavaScript-based bot like Jikto (or another one I've seen on ha.ckers.org, but I can't remember the details).

You could make their browser visit child porn sites owned by law enforcement, which will get their IP addresses recorded, and then the FBI tracks them down and raids their home. Which kinda happened to this guy.

You could phish the admin's password and hope the same password will work on the server's SSH (more likely than you'd think).

Not that you should do any of these (illegal) things of course.


I've used XSS simply to grab posted form data; one specific example would be a form that contained SSN and driver's license info. I'm more interested in mining data rather than doing something destructive. The first malicious JavaScript code I used for XSS is at http://retoros.org/~lattera/code/js/samplexss.js


Since you can use JavaScript and jQuery with XSS, one tactic you can use is kind of like session hijacking and cross-site referral forgery:

Because your XSS on the site has the site name in the referrer information, you can automate form submissions on the affected site in the context of the logged-in user. For example, if an attacker found an XSS vulnerability in a payment processing web site, the attacker could use the vulnerability to send a malicious link to a logged-in user, which would then (using JScript or jQuery) force the logged-in user to send money to the attacker via a form submission. This would also bypass referrer checking in most cases because the domain name would be in the referrer URL.

Click-n-pwn.

NOTE: This is not something that I condone in any way. I am simply explaining the full potential of an XSS vulnerability.

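The reply above makes the defender's key point in passing: once injected script runs inside the site's own origin, its requests are same-origin, so a Referer check (and, for that matter, a per-session CSRF token the script can read) cannot tell them apart from the user's own clicks. The place to stop this is where the forum renders user content. The following is an added example, not code from this thread or from any forum software mentioned in it: context-aware output encoding for an HTML body, an HTML attribute and a URL, plus a Content-Security-Policy header that refuses inline script. The post fields, the `renderPost` template and the CSP directives are constructed for the demonstration.

```javascript
// Added example (not from the thread): contextual output encoding for a forum
// post, plus a CSP that blocks injected inline script.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// HTML body context: escape every character that can open a tag or entity.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'/]/g, (c) => HTML_ESCAPES[c]);
}

// HTML attribute context: encode everything but alphanumerics as &#xHH; so a
// value can never close the quoted attribute it is placed in. The `u` flag
// makes the regex match whole code points, not UTF-16 halves.
function escapeAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16).toUpperCase()};`);
}

// URL context: accept only absolute http(s) URLs; anything else (including
// javascript: and data: schemes) is replaced with a harmless "#".
function safeHref(url) {
  let parsed;
  try { parsed = new URL(String(url)); } catch { return '#'; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return '#';
  return escapeAttr(parsed.href);
}

// Each field is escaped with the encoder for the context it is inserted into.
function renderPost({ author, body, signatureUrl }) {
  return `<div class="post" data-author="${escapeAttr(author)}">` +
         `<p>${escapeHtml(body)}</p>` +
         `<a href="${safeHref(signatureUrl)}">homepage</a>` +
         `</div>`;
}

// CSP for the rendered page: no inline script unless it carries the
// per-response nonce, no plugins, no framing. (Directive set is constructed
// for this example; tune it to the site's real asset origins.)
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Constructed hostile post: tries to break out of the attribute, inject a
// script element in the body, and smuggle a javascript: URL into the link.
const constructedPost = {
  author: 'mallory" onmouseover="alert(1)',
  body: 'hello <script>alert(1)</script>',
  signatureUrl: 'javascript:alert(1)',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderPost(constructedPost));
  console.log('Content-Security-Policy: ' + buildCsp('r4nd0m'));
}
```

With the encoded output, the injected `<script>` survives only as `&lt;script&gt;` text, the attribute cannot be closed early, and the `javascript:` link becomes `#`; the CSP is the second layer for the case where an encoding step is missed somewhere else in the application.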

A lot, if a script stores credentials in the query-string for bookmarking like this n00b: somerealphpscriptsomewhere.com/web/login.php?loguid=Keluang_men%40&logpwd=FlyAlway. Both the user ID and passwd are stored. This guy, at one time, had a gaping XSS hole too.

You could also set up a fake login by injecting HTML through JavaScript, making it look like a session has timed out, and send submitted credentials to a PHP server somewhere.

Edited by tekio
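Credentials placed in a query string, as in the login URL quoted above, do not only get bookmarked: they land in the web server's access log and are carried in the Referer header to every third-party resource the page loads. That makes them easy to find on the defender's side. The following is an added example written for this thread, not code from any forum or site discussed here: a scanner over access-log lines in the common "combined" format that flags credential-looking parameter names in the request path and in the Referer, and query values that contain tag-like input of the kind a reflected XSS probe leaves behind. The log lines, hostnames, addresses and parameter-name list are constructed.

```javascript
// Added example (not from the thread): flag credentials in query strings and
// tag-like query values in constructed web-server access-log lines.

// Parameter names that should never travel in a URL (constructed list).
const CREDENTIAL_PARAM = /^(pass(word|wd)?|pwd|logpwd|secret|token|sessionid|sid)$/i;
// Decoded query values that look like markup or a script URL.
const TAG_LIKE = /<\s*\/?[a-z]|javascript:/i;

// "combined" format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "agent"
const COMBINED = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;

function parseLine(line) {
  const m = COMBINED.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4],
           status: Number(m[5]), referer: m[6], agent: m[7] };
}

// [name, value] pairs from the query part of a URL or path, percent-decoded.
// A "-" referer (none sent) has no "?" and yields an empty list.
function queryParams(urlOrPath) {
  const q = urlOrPath.indexOf('?');
  if (q < 0) return [];
  return Array.from(new URLSearchParams(urlOrPath.slice(q + 1)));
}

function scanLine(line) {
  const rec = parseLine(line);
  if (!rec) return [];
  const findings = [];
  // 1. Credentials our own site accepted via the URL (they are now in this log).
  for (const [name] of queryParams(rec.path)) {
    if (CREDENTIAL_PARAM.test(name)) {
      findings.push({ type: 'credential-in-query', ip: rec.ip, param: name });
    }
  }
  // 2. Tag-like input in a query value: a reflected-XSS probe or a live payload.
  for (const [name, value] of queryParams(rec.path)) {
    if (TAG_LIKE.test(value)) {
      findings.push({ type: 'tag-like-input', ip: rec.ip, param: name });
    }
  }
  // 3. Credentials leaking to us from another site's URL via the Referer header.
  for (const [name] of queryParams(rec.referer)) {
    if (CREDENTIAL_PARAM.test(name)) {
      findings.push({ type: 'credential-in-referer', ip: rec.ip, param: name, referer: rec.referer });
    }
  }
  return findings;
}

function scanLog(lines) {
  return lines.flatMap(scanLine);
}

// Constructed sample log: one login over GET, one search probe, one image
// request whose Referer carries another page's login URL, one benign request.
const CONSTRUCTED_LOG = [
  '203.0.113.5 - - [10/Oct/2000:13:55:36 -0700] "GET /web/login.php?loguid=alice&logpwd=s3cret HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [10/Oct/2000:13:56:01 -0700] "GET /forum/search.php?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [10/Oct/2000:13:57:12 -0700] "GET /images/logo.png HTTP/1.1" 200 8192 "http://forum.example/web/login.php?loguid=bob&logpwd=hunter2" "Mozilla/5.0"',
  '198.51.100.8 - - [10/Oct/2000:13:58:00 -0700] "GET /forum/index.php?topic=42 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanLog(CONSTRUCTED_LOG)) console.log(JSON.stringify(f));
}
```

Run against the constructed lines, the scanner reports the GET login, the search probe and the Referer leak, and stays quiet on the benign request. The finding types map directly to fixes: move credentials to a POST body, encode or reject the reflected value, and send a `Referrer-Policy` header so a login page's URL is not forwarded to other origins.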
