I’ve been talking with Hackathology and he was having trouble understanding the context of certain XSS attacks, so I decided to write him a quick PHP document which creates vulnerable variables and example injections. The document contains links which perform the injections against itself. I didn’t have IE handy to test, so forgive me if the IE examples don’t quite work, but hopefully they should.
So if you’re looking to learn how to protect your site against XSS, or want to know how to pen test for it, please download and run the document on a local testing server. Please don’t run it on a live site, because it obviously contains security holes. Note that this document was intended for people who are learning, so hardcore hackers will probably not find anything of interest.
Hope it helps. Download the document here:
XSS demos
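To show the shape of such a self-injecting demo page, here is an added example (my own illustration, not the demo document linked above): a single PHP file that reflects one query parameter into three output contexts, first raw (deliberately vulnerable, in the spirit of the demo) and then escaped for the context it lands in. The file name, the `name` parameter, the `esc_html`/`esc_js` helper names and the three payloads are this example’s own choices and are not taken from the original document; it assumes PHP 7.2 or later.

```php
<?php
// Added example, not the demo document the post links to: a single PHP page of
// the same shape, reflecting one query parameter into three output contexts.
// The first block echoes it raw (deliberately vulnerable, like the original demo);
// the second escapes it for the context it lands in. The file name, the "name"
// parameter and the helper names are this example's own choices.
//
// Run with PHP's built-in server and open http://127.0.0.1:8080/ :
//   php -S 127.0.0.1:8080 xss_demo.php
// The links at the bottom inject each payload back into this page.

declare(strict_types=1);

// For text nodes and double-quoted attribute values: encodes & < > " ' and
// substitutes invalid UTF-8 instead of returning an empty string.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// For a value spliced into JavaScript source: emits a complete quoted JS string
// literal with < > & ' " hex-escaped, so the value can neither end the string
// nor close the <script> element. HTML escaping is the wrong tool here.
function esc_js(string $s): string
{
    $json = json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE);
    return $json === false ? '""' : $json;
}

// Constructed payloads, one per context; each fires only in the sink whose
// syntax it breaks out of.
$payloads = [
    'HTML body'         => '<script>alert(1)</script>',
    'attribute'         => '" onmouseover="alert(2)',
    'JavaScript string' => "';alert(3);//",
];

// ?name[]=x would arrive as an array and make htmlspecialchars() throw under
// strict types, so accept strings only.
$name = isset($_GET['name']) && is_string($_GET['name']) ? $_GET['name'] : 'world';
// Path of this page without the query string, for the self-injecting links.
$self = esc_html((string) strtok($_SERVER['REQUEST_URI'] ?? '/', '?'));
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Reflected XSS contexts</title></head>
<body>
<h1>Vulnerable: reflected without escaping</h1>
<p>Hello <?= $name ?></p>
<input type="text" value="<?= $name ?>">
<script>var greeting = 'Hello <?= $name ?>';</script>

<h1>Fixed: escaped for each context</h1>
<p>Hello <?= esc_html($name) ?></p>
<input type="text" value="<?= esc_html($name) ?>">
<script>var safeGreeting = 'Hello ' + <?= esc_js($name) ?>;</script>

<h2>Inject into this page</h2>
<ul>
<?php foreach ($payloads as $context => $payload): ?>
<li><a href="<?= $self ?>?name=<?= rawurlencode($payload) ?>"><?= esc_html($context) ?>: <?= esc_html($payload) ?></a></li>
<?php endforeach; ?>
</ul>
</body>
</html>
```

Clicking each link shows that the payload only executes in the sink whose syntax it breaks out of, which is the point the demo document makes: the fix is not one escaping function but the right encoder for each output context. The JavaScript sink uses `json_encode` with the `JSON_HEX_*` flags rather than `htmlspecialchars`, because browsers do not decode entities inside a script element; the result is a complete quoted literal, so it is concatenated onto the string rather than placed between quotes.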
Comments (9)
Thanks for this, it really helped me understand better the vectors for the strange examples.
Posted 01 Oct 2007 at 8:27 pm
Hi!
Nice one! Just to mention: Kishor once created the XSS in eXceSS tool, which is also great for learning. Maybe you’d like to take a look here:
http://h4k.in/xssinexcess
Greetings,
.mario
Posted 01 Oct 2007 at 9:51 pm
@Joshua
No problem, I’m glad I helped.
I might do another example soon with some more advanced stuff so stay tuned.
@Mario
Excellent link, thanks.
Posted 01 Oct 2007 at 10:23 pm
@Gareth:
Gareth, as always, comes up with another interesting, yet simple post. hehe
@.Mario:
Posted 02 Oct 2007 at 8:56 pm
Thanks for the link.
BTW, is there any story behind the handle .mario?
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
Posted 18 Mar 2008 at 4:11 pm
What’s the point? sigh
Posted 18 Mar 2008 at 4:24 pm
“<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">”
LOL
Posted 19 Mar 2008 at 5:29 am
May I ask, how do I make this document work?
Posted 18 Jun 2008 at 5:00 pm
@lakye
You need PHP and a web server; you can use IIS on Windows or XAMPP [1].
On the Mac it comes built in with Apache and PHP, but there’s a nice app called MAMP [2] that lets you run it from the Applications folder.
http://www.apachefriends.org/en/xampp.html [1]
http://www.mamp.info/en/mamp.html [2]
Once you have those installed the examples should work when you copy the files into the web document root.
Posted 18 Jun 2008 at 5:45 pm