Thursday 28 June 2012

How to Hack a Website with XSS Vulnerability

HACKING WEBSITE WITH PERSISTENT XSS

Today I received a tutorial on hacking a website with persistent XSS by INDI-HEX. If you remember, this is the group that hacked the Pakistani search engine URDUMAZA yesterday using the same XSS attack. Let's have a look at the tutorial submitted by INDI-HEX.

  • Use Google/Bing dorks to find XSS vulnerabilities in sites. If you are lucky, you will get at least one site with a persistent XSS vulnerability.
                       
    GOOGLE DORKS:

        inurl:".php?cmd="
        inurl:".php?z="
        inurl:".php?q="
        inurl:".php?search="
        inurl:".php?query="
        inurl:".php?searchstring="
        inurl:".php?keyword="
        inurl:".php?file="
        inurl:".php?years="
        inurl:".php?txt="
        inurl:".php?tag="
        inurl:".php?max="
        inurl:".php?from="
        inurl:".php?author="
        inurl:".php?pass="
        inurl:".php?feedback="
        inurl:".php?mail="
        inurl:".php?cat="
        inurl:".php?vote="
        inurl:search.php?q=
        inurl:com_feedpostold/feedpost.php?url=
        inurl:scrapbook.php?id=
        inurl:headersearch.php?sid=
        inurl:/poll/default.asp?catid=
        inurl:/search_results.php?search=

  • Let's take an example: the site urdumaza.com.pk.
  • Look for a webpage which has an XSS vulnerability, e.g. urdumaza.com.pk/urdu-poetry/search.php
  • You can see a search box on the top left-hand side; insert your C0de there.
  • For example, they used <h1>hacked by Un_N0n Antil0g</h1>, as shown in the video.
  • Insert the C0de in that search box and press Submit.
  • A webpage will appear, showing results. Blah blah xD !!, ignore it.....
  • Then go to the link --> http://www.urdumaza.com.pk/search
  • When the page appears, you can see the code you entered.
  • As it is persistent XSS, the code will remain there forever.

  • SUBMITTED BY - Un_N0n Antil0g and C0de Hijacker - TEAM INDI-HEX
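
The server-side fix for the behaviour described in the tutorial, as an added example that is not part of the original post or the affected site's code. It assumes the search page stores submitted terms and later writes them into an HTML list; the function names and the sample terms are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: search terms as a page like the one described
// might have stored them. The second entry is the markup quoted in the tutorial.
$storedTerms = [
    'ghazal by faiz',
    '<h1>hacked by Un_N0n Antil0g</h1>',
    'mirza "ghalib" & others',
];

// Vulnerable pattern: stored text is concatenated into the page as HTML,
// so markup submitted by one visitor is rendered for every later visitor.
function renderRecentUnsafe(array $terms): string
{
    $html = "<ul>\n";
    foreach ($terms as $term) {
        $html .= '  <li>' . $term . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function renderRecentSafe(array $terms): string
{
    $html = "<ul>\n";
    foreach ($terms as $term) {
        $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '  <li>' . $encoded . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Cleanup helper: list rows already in storage that contain HTML tags,
// so they can be reviewed after the rendering fix is deployed.
function findTermsWithMarkup(array $terms): array
{
    return array_values(array_filter($terms, function (string $t): bool {
        return $t !== strip_tags($t);
    }));
}

echo renderRecentSafe($storedTerms);      // markup appears as literal text
print_r(findTermsWithMarkup($storedTerms)); // only the <h1> entry is listed
```

Encoding at output time leaves the stored value untouched, so the same row can still be rendered correctly in other contexts (JSON, CSV, plain-text mail) that need their own encoding.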
