Search This Blog

Powered by Blogger.

Blog Archive

Navigation

How to deface website with Cross Site Scripting ? : Complete XSS Tutorial

This is my third article about Cross site Scripting Tutorial. Now let us see how a hacker deface a website with XSS vulnerability?
Never implement this technique. I am just explaining it for educational purpose only.
Defacing is one of the most common thing when the hacker found the vulnerability in website. Defacing is changing the content the website hacker content. Most of time, attacker use this technique to inform about the vulnerability to Admin. But it’s bad idea..!
Script for chaning the background Color of a website:
<script>document.body.bgColor=”red”;</script>
Script for chaning the background image of a website:
<script>document.body.background=”http://your_image.jpg“;</script>
Defacement Page with Pastehtml:
First of all upload some defacement page(html) to pastehtml.com and get the link.
When you find a XSS vulnerable site, then insert the script as :
<script>window.location=”http://www.pastehtml.com/Your_Defacement_link”;</script>
This script will redirect the page to your pastehtml defacement page.
Note: You can deface only persistent XSS vulnerable sites.
Share
Banner

Bijoy Tech

Post A Comment: