Today I am going to introduce you to the main common code injection, cross-site scripting.
So let's talk about XSS, which stands for cross-site scripting.
It's the main code injection through which an attacker can gain unauthorized access to a system with a few JavaScript injections :)
It allows an attacker to send client-side scripts to the server, which are then viewed by another person.
To put it simply:
The attacker just sends JavaScript to the server, and then whenever a user (the victim) logs in, the malicious script executes. That's it :D
A few things it can cause:
1 : Phishing
2 : Cookie stealing
3 : Server rooting
4 : Defacing
5 : Hijacking session contents
Let's start.
First, start with finding vulnerabilities :)
Just go to a website, suppose http://www.wordhippo.com/
Then find an input through which maliciously crafted scripts can be sent to users, to identify vulnerabilities in the website.
The input could be anything: a search box, comment, login, sign-up, registration form, or anything else that allows a user to input data/information.
For that you must have some basic knowledge of JavaScript and HTML. That's it :D
After that, just use JavaScript, and it automatically notifies you whether the site is vulnerable to XSS or not.
Types of XSS
1 Persistent XSS = Persistent means permanent XSS: the malicious JavaScript injection remains in the website forever.
For example:
Take a case where a user can submit records that are stored in a database and emailed, so that later on an administrator can see the message he received.
Now an attacker stores XSS in it, and if the website validates queries poorly, it can be executed. For example, on a forum where we are registered and can send messages, we send malicious scripts; later, whenever a user tries to open the message, the script is executed and he gets a pop-up notification. That can be used for defacing and many other unpredictable methods.
2 Non-persistent XSS, also referred to as reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server via an HTTP request. The server embeds the input in the HTML file and returns the file (the HTTP response) to the browser. When the browser executes the HTML file, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.
Example:
Let us consider a project hosting website. To find our favorite project, we just input a related word in the search box. When the search is finished, it displays a message like this: "search results for yourword". If the server fails to sanitize the input properly, the injected script is executed.
In the case of reflected XSS attacks, the attacker sends a specially crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, and the server reflects the attack back to the user's browser. The browser then executes the code.
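The "search results for yourword" page described above, as code: the unsanitized response next to a version that HTML-encodes the search term before embedding it. This is an added example, not code from the original post; the function names and the sample inputs are made up for illustration.

```javascript
// Added example (not from the original post). All names are hypothetical.

// Encode the characters that let user text be parsed as HTML markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the search term is concatenated into the response as-is,
// so any markup in it becomes part of the page.
function renderSearchVulnerable(query) {
  return "<p>search results for " + query + "</p>";
}

// Hardened: same page, but the term is encoded for the HTML body context,
// so the browser displays it as text instead of executing it.
function renderSearchSafe(query) {
  return "<p>search results for " + escapeHtml(query) + "</p>";
}

// Simple check for a test suite: does the response contain any element
// other than the <p> the template itself emits?
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => t.replace(/[<\/]/g, "").toLowerCase() !== "p");
}

// Constructed sample inputs: a normal word, a harmless script marker,
// and text that merely contains special characters.
const samples = ["kernel", "<script>alert(1)</script>", "a & b < c"];

for (const s of samples) {
  const bad = renderSearchVulnerable(s);
  const good = renderSearchSafe(s);
  console.log("input:     ", s);
  console.log("vulnerable:", bad, "| injected tag:", containsInjectedTag(bad));
  console.log("hardened:  ", good, "| injected tag:", containsInjectedTag(good));
}
```

The same encoding applies to the persistent case: text read back from the database has to be encoded when it is written into the page, not only when it arrives.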