Phishing The Smart Way Using XSS Vulnerabilities


In this article Mr srinivas will show us how we can carry out Phishing attacks in a smart and effective way by using XSS  vulnerabilities .This Phishing attack is a bit advanced and if your a newbie i would recommend you to read the following articles first


What is Cross Site Scripting?
It is a vulnerability typically found in web applications.A hacker can use this vulnerability to inject client-side script into web pages viewed by other users. 


What can an attacker do with this?
 Attackers can do the following things
  •  Steal user cookies and can take complete account takeover
  •  Steal data on web pages viewed by victim
  •  Deface pages viewed by victim
  •  Use web pages for phishing
In this article i am going to explain how phishing can be done using XSS vulnerability in web applications.To understand this, you need to have the  knowledge of normal  phishing.


Advantages over normal phishing:
In Normal phishing the victim will be given a link which is made by the hacker. A person with basic knowledge can recognize that it was a fake link.But in XSS the victim cannot suspect the link because it contains a trusted URL.


Demonstration Of XSS -Phishing 
Steps involved in the attack
  • Finding a XSS vulnerability
  • Craft your link.
  • Send the link to your victim

Step 1: Finding a XSS  vulnerability
First we need to find a vulnerable website. This can be done using google. Go to google and search using the following Dork.
inurl: "search.php?q="
To test the vulnerability you can inject the following code in search fields,comment fields of your website.
<script>alert("you are hacked")</script>
If it returns an alert box showing “you are hacked”, That site is vulnerable to XSS.


Step 2: Craft your link.
In this step we have to craft a link from the vulnerability of the website.
Your link will look like
http://site.com/search.php?q=<script>alert("you are hacked")</script>
You can use your specially crafted link to steal your victim’s information just as in phishing.


EXAMPLE:
I am showing you an example with vulnerable link found in google.
Note:
This link is kept here for demonstration purpose only. I will not be held responsible if you do any thing illegal with this and this bug is not fixed yet. If google fixes it,it may not work.


http://www.google.com/search?btnI&q=allinurl:http://www.101hacker.com/
(credits- wolfmankurd)
When  the victim clicks this link,he will be redirected to http://www.101hacker.com/ 
You can replace http://www.101hacker.com/” with your fake login page’s link.Then it takes the victim to your fake login page.


Step 3:Send the link to your victim
Now you can send your specially crafted link to the victim by any means as you do in normal phishing.


Conclusion:
This is such a dangerous vulnerability in web applications. It got 2nd rank in OWASP top 10 vulnerabilities.If a hacker finds this vulnerability in any of the bank websites, he can attempt a malicious attack against the customers of the bank and steal lots of information like credit cards, account numbers, passwords etc by simply sending a group mail to the customers of the bank.


If you have any doubts regarding the article please feel free to comment 
About the Guest Author:
This article is written by Mr Srinivas, He owns Hackinginception where he writes articles related to hacking .If your interested in writing a guest post @Hackaholic please contact me

Subscribe to Hackaholic

Enjoyed this article?
Subscribe to "Hackaholic"and get daily
updates in your inbox for free!

Related Posts Plugin for WordPress, Blogger...

Anonymous

John..Can you write an article on persistent attacks!!

REPLY
admin said on December 29, 2011 at 8:20 AM :

Bt i got result not found.

REPLY
admin said on December 29, 2011 at 8:21 AM :

How your phish link found in google search

REPLY
madhu said on April 7, 2012 at 12:24 PM :

free web hosting sites now not working..how to create fake login page??? plz help

REPLY
Unknown said on August 26, 2012 at 6:14 AM :

damn it's awesome !! thanxx keep going
I would like you to write an article about softwaires how can steal passwords

REPLY

Use the form below to comment. No spam please!!!

© 101hacker | Design by Mukund edited by John
Powered by Blogger