WebScarab 5: XSS Haunt

XSS Haunt

In this tutorial we will look at testing for cross-site scripting (XSS) with WebScarab. First, a short introduction: cross-site scripting is a class of vulnerability typically found in web applications that lets an attacker inject client-side script into pages viewed by other users. Because the injected script runs in the victim's browser with the origin of the vulnerable site, an XSS vulnerability can be used to bypass access controls such as the same-origin policy.

Now I'll show how to check the www.xyz.com website for XSS vulnerabilities with WebScarab's XSS/CRLF plugin.

First of all, configure the browser to use WebScarab as its proxy (localhost, port 8008, WebScarab's default), then open the website in the browser. The requests pass through WebScarab and you can see the following result, as shown in the figure:
To check for XSS, click on the XSS/CRLF tab and see the result as in the figure:
After checking this result, click on Edit Test Strings; it shows the test strings that the plugin will inject into each parameter. Click OK, then click Check, and you get the following result as shown in the figure:
Then click on the Summary tab, as shown:
Double-click the arrow (the conversation entry) shown in the figure above, and
the figure shows the HTML source of that page at the location where the XSS attack works, that is, where the injected test string is reflected back into the response unencoded. Here you can find the vulnerability and change your code according to the attack it shows.
This is the actual line of code where the XSS attack works; the image below also shows it in text form. From here you can change your code and patch the vulnerability.
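The check WebScarab's XSS/CRLF plugin performs is simple: inject a test string into each parameter and look for it coming back unchanged in the response body (XSS) or in a response header (CRLF injection). The following is an added example, not code from the page or from the WebScarab project: it models that check in Node.js against a hypothetical vulnerable handler and its hardened version, so you can see both the finding and the patch. The handler names, the `name` parameter, the `X-Greeted` header and the test strings are all assumptions; responses are plain objects rather than real HTTP.

```javascript
// Added example (not WebScarab's code): a minimal reflection check of the kind the
// XSS/CRLF plugin performs, with a vulnerable handler and its hardened form.
// Handler names, the "name" parameter and the X-Greeted header are hypothetical.

// Constructed probes, similar in spirit to the plugin's default test strings.
const XSS_PROBES = [
  '<script>alert(1)</script>',       // runs if reflected into HTML text
  '"><img src=x onerror=alert(1)>',  // breaks out of a quoted attribute
];
const CRLF_PROBE = 'x\r\nSet-Cookie: injected=1'; // splits a header if reflected there

// Output encoding for the HTML text/attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the parameter is copied verbatim into the page and into a header.
// (Response modelled as an object; a real server would serialise these headers.)
function handleVulnerable(params) {
  const name = params.name || '';
  return {
    headers: { 'Content-Type': 'text/html', 'X-Greeted': name },
    body: `<html><body><h1>Hello ${name}</h1></body></html>`,
  };
}

// Hardened: HTML-encode on output, and strip CR/LF before the value reaches a header.
function handleHardened(params) {
  const name = params.name || '';
  return {
    headers: { 'Content-Type': 'text/html', 'X-Greeted': name.replace(/[\r\n]/g, '') },
    body: `<html><body><h1>Hello ${escapeHtml(name)}</h1></body></html>`,
  };
}

// The check: send each probe in each parameter and report where it is reflected unchanged.
function checkReflection(handler, paramNames) {
  const findings = [];
  for (const p of paramNames) {
    for (const probe of XSS_PROBES) {
      const res = handler({ [p]: probe });
      if (res.body.includes(probe)) findings.push({ param: p, type: 'XSS', probe });
    }
    const res = handler({ [p]: CRLF_PROBE });
    for (const [header, value] of Object.entries(res.headers)) {
      if (String(value).includes('\r\n')) findings.push({ param: p, type: 'CRLF', header });
    }
  }
  return findings;
}

console.log('vulnerable:', checkReflection(handleVulnerable, ['name']));
console.log('hardened:  ', checkReflection(handleHardened, ['name']));
```

The vulnerable handler yields two XSS findings and one CRLF finding on `name`; the hardened one yields none, because the probes come back as `&lt;script&gt;...` and the header value has lost its line breaks. Note that a substring match is exactly as coarse as the tool's check: a reflection that is encoded differently, or lands in a JavaScript or URL context, still needs to be confirmed by hand.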
