Hacking For Beginners – Manthan Desai

2010

To be able to bookmark pages, search engines generally leave the entered variables in the URL address. In this case the URL would look like:

http://test.searchengine.com/search.php?q=XSS%20Vulnerability

Next we try to send the following query to the search engine:

<script type="text/javascript">alert('this is an XSS Vulnerability')</script>

When the query is submitted to search.php, it is URL-encoded, and the resulting URL would be something like:

http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28%91This%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E

Upon loading the results page, the test search engine would probably display no results for the search, but it will display a JavaScript alert which was injected into the page by using the XSS vulnerability.

How to check for Cross site scripting vulnerabilities

To check for Cross site scripting vulnerabilities, use a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for Cross Site Scripting vulnerabilities. It will indicate which URLs/scripts are vulnerable to these attacks so that you can fix the vulnerability easily. Besides Cross site scripting vulnerabilities, a web application scanner will also check for SQL injection and other web vulnerabilities.

This attack is explained in more detail later, in the Website Hacking category.

Directory Traversal Attack

• Directory traversal attacks allow malicious users to literally "traverse" the directory and bypass the access control list to gain access to restricted files and even manipulate data.

• These attacks are HTTP exploits that begin with a simple GET or other type of HTTP request from a dynamic page. If your Web site is vulnerable, and chances are it is, the server will return with a file that hasn't been properly validated. A malicious user will then send a request for a file one or more directories up by adding one or more "../" directives to the string. Each "../" instructs the page to "go up one directory."
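The two flaws on this page, the search term reflected into the results page and the "../" path climb, with the server-side fix beside each. This is an added example, not code from the book; the rendering strings, the web root /srv/www/html and the request paths are assumptions, and the encoded URL is the one quoted in the text above.

```python
import html
from pathlib import Path
from urllib.parse import parse_qs, urlparse

# Constructed input: the encoded search URL from the text above.
# %91 and %92 are the Windows-1252 curly quotes around the alert text.
ENCODED_URL = ("http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28%91This"
               "%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E")


def query_term(url):
    """Decode the q parameter the way search.php would receive it."""
    params = parse_qs(urlparse(url).query, encoding="cp1252")
    return params.get("q", [""])[0]


def render_vulnerable(term):
    """Reflects the raw term into the page, so an injected <script> executes."""
    return f"<p>No results found for: {term}</p>"


def render_fixed(term):
    """Escapes < > & \" ' so the browser shows the term as text instead of running it."""
    return f"<p>No results found for: {html.escape(term)}</p>"


def resolve_under_root(web_root, requested):
    """Map a requested file onto web_root; return None if '../' escapes the root."""
    root = Path(web_root).resolve()
    candidate = (root / requested).resolve()   # collapses every '../' segment
    try:
        candidate.relative_to(root)             # ValueError when outside the root
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    term = query_term(ENCODED_URL)
    print("decoded term :", term)
    print("vulnerable   :", render_vulnerable(term))
    print("fixed        :", render_fixed(term))
    # Hypothetical web root; the traversal request climbs three levels above it.
    print("traversal    :", resolve_under_root("/srv/www/html", "../../../etc/passwd"))
    print("normal file  :", resolve_under_root("/srv/www/html", "images/logo.png"))
```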

www.hackingtech.co.tv

Page 55