Ethical Hacking and Penetration Testing Guide


How to Identify XSS Vulnerability
Since XSS is an input validation problem, we will probe all the inputs (URL parameters, forms, cookies, and file uploads) and try to find any input that is not sanitized before it is returned to the user.
The basic test for finding out whether a website is prone to an XSS vulnerability is to inject the following piece of code, which is a minor variation of the XSS locator code found on the “OWASP XSS Filter Cheat Sheet.”
'"<>();[]{}XSS
Once you inject this payload into every possible input, view the source of the page that was rendered back. Then search for the word “XSS” in the source and look at how it was reflected back. If any one of these characters is not escaped, the website is probably vulnerable to XSS.
Types of Cross-Site Scripting
Primarily, there are three types of cross-site scripting vulnerabilities:
1. Reflected/nonpersistent XSS
2. Stored/persistent XSS
3. DOM-based XSS
You might come across others too, but they are just variations of these three vulnerabilities.
Reflected/Nonpersistent XSS
This is the most common form of cross-site scripting vulnerability. In a reflected XSS attack the input is reflected back to the user and is not stored on the server or in the database. These attacks are a bit harder to exploit, since we need the victim to click our specially crafted payload.
Let’s look at an example of a simple cross-site scripting vulnerability. I will use DVWA to demonstrate the attacks on the low, medium, and high security levels. Let’s start by looking at the underlying vulnerable code for the low security level.
Vulnerable Code
As you can clearly see, the input taken from the user via the GET variable name is being reflected back to the user without any sanitization.
Most of the time in your career as a penetration tester you will be performing a black-box penetration test, so you won’t have access to the underlying code to perform a source code review. In that case our first test is to inject the payload '"<>();[]{}XSS and see how the page returns it.
After injecting the payload and viewing the returned source, we can see that no escaping is being performed on the input.
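The locator test described above (inject '"<>();[]{}XSS, then check how each character came back) can be automated against saved page source. The following is an added example written for this chapter, not DVWA's own code or the book's: the three render_* functions are constructed stand-ins for a page that echoes the name parameter verbatim, one that only strips angle brackets, and one that applies proper output encoding, and check_reflection reports which special characters were reflected unescaped.

```python
import html
import re

# Locator payload from the chapter: the special characters plus a marker word to search for.
LOCATOR = '\'"<>();[]{}XSS'
MARKER = "XSS"
PREFIX = LOCATOR[: -len(MARKER)]   # the 11 special characters sitting directly in front of the marker
SPECIALS = "'\"<>"                  # characters that must come back encoded in an HTML context


# Constructed stand-ins for the page under test (not DVWA's source).
def render_unescaped(name):
    """Echoes the GET parameter verbatim: the vulnerable pattern the chapter describes."""
    return f"<pre>Hello {name}</pre>"


def render_stripped(name):
    """Constructed partial filter: removes angle brackets but leaves quotes alone."""
    return f"<pre>Hello {name.replace('<', '').replace('>', '')}</pre>"


def render_escaped(name):
    """Output encoding applied: the fix for the vulnerable pattern."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


def check_reflection(page_source):
    """Do by code what the chapter does by eye: find the marker in the returned source and
    record which special characters directly in front of it came back literally (unescaped).
    An encoded character (e.g. &lt;) pushes the literal prefix out of the window, so only
    characters that survived verbatim are reported."""
    reflected = False
    unescaped = set()
    for m in re.finditer(re.escape(MARKER), page_source):
        reflected = True
        window = page_source[max(0, m.start() - len(PREFIX)):m.start()]
        unescaped.update(c for c in SPECIALS if c in window)
    return {"reflected": reflected, "unescaped": sorted(unescaped)}


def probably_vulnerable(page_source):
    """Chapter's rule of thumb: reflected and at least one special character unescaped."""
    result = check_reflection(page_source)
    return result["reflected"] and bool(result["unescaped"])


if __name__ == "__main__":
    for render in (render_unescaped, render_stripped, render_escaped):
        print(render.__name__, check_reflection(render(LOCATOR)))
```

Run it on real output by passing the saved response body to check_reflection instead of the constructed render_* functions.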
Let’s try injecting the following piece of code: