What is an XSS (cross-site scripting) attack? The XSS vulnerability in ethical hacking

Friends, if you know even a little about hacking, you have probably heard of the XSS (cross-site scripting) attack: how a hacker takes advantage of this vulnerability (weakness), and how he uses it to hack a website and extract its information. Even if you do not know about it, you should read this post so that you learn what a cross-site scripting attack is, how it is carried out, and how many types there are.






What is an XSS (cross-site scripting) attack?



Friends, XSS stands for cross-site scripting.

Injecting malicious code into a website to steal its data is called XSS (cross-site scripting). XSS is a web application vulnerability. As you know, a website is built from a combination of different languages, such as HTML, ASP, CSS, PHP and JavaScript.

But every language has some weakness or other, and using that weakness (bad code) to hack a website and extract information from it is what an XSS attack is. With this attack, the website admin's user name, password, cookies and database can be stolen.


How XSS (cross-site scripting) works


This is a web application/website vulnerability (weakness), and it is one that is very useful to a hacker. Friends, you have seen many websites with various kinds of forms, search boxes or comment boxes; this vulnerability is found in exactly those forms, search boxes and comment boxes.

If you have ever built a website, you will know that a website has 2 parts:

#1. The user interface, which we can see from the front.

#2. The second is its database, which is built from several languages such as HTML, JavaScript, PHP, CSS, ASP, etc.

So friends, what happens in an XSS (cross-site scripting) attack? If a website has this weakness and we inject a script into it, the web page takes that script in along with its own code. For example, suppose Facebook is a website that has this vulnerability and it has a comment box: if we put a script into that comment box, the script will be injected along with Facebook's database. And friends, this script can also be a command; for example, that command could download its database and pull out the website administrator's details, and the website could be hacked very easily.


Example:
http://testphp.vulnweb.com/guestbook.php

This is a website that has this vulnerability. If we go to its comment box and put in some script, the script merges with the website's main code and starts doing its work. For example, we entered the command <body bgcolor="blue"> in the comment box, and friends, the website's colour turned blue, because that is exactly what we wrote in this command: that its colour should become blue. So now you should understand how XSS (cross-site scripting) works.
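
The guestbook behaviour described above, as an added example that is not part of the original post: the same comment rendered by a page that pastes it in as-is and by one that HTML-encodes it first. The function names and the sample comments are assumptions made up for illustration.

```javascript
// Added example, not code from the post or from the test site.
// All names and the sample comments are constructed for illustration.
const comments = [
  { author: "asha", text: "Nice post!" },
  { author: "guest", text: '<body bgcolor="blue">' }, // markup from the post
];

// Vulnerable: comment text is pasted into the page as-is, so the browser
// treats any tag inside it as part of the page's own HTML.
function renderUnsafe(list) {
  return list.map(c => `<li><b>${c.author}</b>: ${c.text}</li>`).join("\n");
}

// Replace the characters that have meaning in HTML with entities.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: every user-supplied field is encoded before it reaches the page,
// so the comment is shown as text instead of being parsed as markup.
function renderSafe(list) {
  return list
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Review/test helper: names of tags in the output that the template itself
// does not produce (the template only emits <li> and <b>).
function unexpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags
    .map(t => t.replace(/^<\/?/, "").toLowerCase())
    .filter(name => name !== "li" && name !== "b");
}

console.log(renderUnsafe(comments));
console.log(renderSafe(comments));
console.log(unexpectedTags(renderUnsafe(comments)));
console.log(unexpectedTags(renderSafe(comments)));
```

A check like unexpectedTags can run in a test suite against every template that prints user input, so a page that forgets the encoding step is caught before release.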

Types of XSS (Cross-Site Scripting)

#1. Server XSS - here the script the hacker uses gets matched with the website's server and stored. That is, it goes to the website's server and is stored there. Stored XSS falls under this.

#2. Client XSS - a weakness that arises from a mistake on the client side is called client XSS. Reflected XSS and DOM-based XSS fall under this.

Stored XSS (cross-site scripting) attack-

This is a server-side vulnerability and it is permanent. If a hacker carries out a stored XSS attack on a website, it goes into the website's server for good and is stored there. With it, the hacker can steal that website's database or user names and passwords.

Reflected XSS (cross-site scripting)-

This is temporary, meaning it works only in the browser the hacker is using; it does not remain afterwards. Through this weakness a hacker can deface a website, inject malicious code and do much more.

How reflected XSS (cross-site scripting) works - when a hacker injects a script into a website, the script is not stored on the website's server; instead it shows an alert or popup on the website, meaning it is reflected from the server.

DOM (Document Object Model) based XSS-

With the help of this vulnerability a hacker can change a website's design and also its content. He can redirect the website to another website. It can display a big error message or a dangerous message. He can also change the website's main page.
