Tuesday, 27 November 2012

XSS(Cross Site Scripting) Part 1:


Hello Everyone,
Today I am going to share with you some basic methods of XSS attack.


XSS or Cross Site Scripting is a vulnerability found in web application. It is method by which malicious script is injected into the the websites .These type of attacks is made by injecting some code written in client side scripting code like Javascript or VBscript .And once the code is executed in the browser side it can be used to perform attacks like generating popups , cookie stealing and as well as website defacement.

XSS can be divided into 3 different category 

  • Non Persistent 
  • Persistent
  • DOM Based

In this tutorial I am going to discuss mainly on Non Persistent XSS attacks. The other techniques will be presented in separate tutorial.

CAUTION
"This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.Performing such attacks without the permission of the owner can lead to serious trouble.Most of the websites uses IDS to check the input sent by the user.Any malicious script if detected by these IDS coming from your IP then your IP will be logged and henceforth  blocked"



Prerequisites of this Tutorial:
  • Knowledge on PHP .
  • Knowledge on HTML & JavaScript.
  • Knowledge on Form Processing in HTML.

Non Persistent XSS
Non Persistent XSS attacks are caused due to improper filtering / no filtering of the input sent by the user.They generally does not cause much harm but they can be used to extract information stored in cookies and can be also used for many other purposes.


Scenario
This a simple web application that is developed using PHP and HTML. The working mechanism is simple. It asks for a user input and then displays the input  .

Now lets have a look at the HTML code.


Here we are using POST method to send the input information to the target page display.[hp which is written in PHP .Lets analyze the PHP code of display.php



Now we can see that there is no filtering of the input and and input is directly displayed.
Now I are going to inject some malicious code into the input

Here is my malicious code which I am going to inject in the input field.
                 <script language="javascript">alert("You are hacked");</script>

And here is what I get in the browser.



Now we see a popup. 
The reason why this popup executes is simple . When the injected code is passed ,the browser have no idea if its malicious or not,it just executes it just like a normal javascript code. Now when this code is executed we see this popup. Now you might have a question in your mind how this can be harmful . Well I will explain you it in later posts after I cover the remaining 2 types of XSS.
---------------------------------------------------------------------------------------------

Friday, 9 November 2012

C++ Code Hacking 1: Pointer Exploitation

C++ Code Hacking 1: Pointer Exploitation

                 Today I am going to show you how you can access the values of private member variables directly inside main() without the use of any member function.
                  We know that we can access private member variables with the help of public member functions only. It is impossible to access it directly inside main() through objects.But I am going to prove you wrong . Note: This is the final code


 
     Output: Password Extracted !!! 





                                        Now I will explain what I exactly did here. We know we can access public member variables directly. So I extracted the memory address of of the public variable 'id'. Now because all variable are stored in memory in a continuous manner it is possible to get the address of other variable by knowing the address of one variable.Here I knew the address of the variable  'id'. So I managed to get the password variable address  by trial and error method . Once I got the address of the password variable then I managed to retrieve the value of password (a private member variable) inside main() without any public member functions.

 Few thing you should note here:
  • To exploit in this manner you should have at least one variable in public section of same data type. I haven't tried with other data type so can't tell you about it.
  • To find the address of the variables you need to try out various combinations . 
------------------------------------------------------------------------------------------------------------