Hey guys this is a tutorial on css or cross site scripting I am not going to go in depth on how the attack works but I will give you the basic idea of in what situation you could use it in. So for example the comments section below every post on my website could possibly be vulnerable (but it is not) but to test it instead of just regularly posting a comment you would attempt to post some code e it HTML or JavaScript. My first example would be trying to post html in the comment here is my example. <h1> Hello </h1>
If the comment gets submitted and it does get put in as a header 1 size font then the site is css vulnerable. The next thing you would do is put in some JavaScript. Here is my JavaScript example.
<script>alert(hello);</script>
If this goes through then having a basic knowledge of JavaScript is all that is need to do whatever you please with this victims website.
Please remember this is illegal to perform without permission so use this knowledge wisely.
Hope you guys like this tutorial.
If the comment gets submitted and it does get put in as a header 1 size font then the site is css vulnerable. The next thing you would do is put in some JavaScript. Here is my JavaScript example.
<script>alert(hello);</script>
If this goes through then having a basic knowledge of JavaScript is all that is need to do whatever you please with this victims website.
Please remember this is illegal to perform without permission so use this knowledge wisely.
Hope you guys like this tutorial.
No comments:
Post a Comment