explain.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Cross-Site Scripting (XSS) - Explained</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="#">Cross-Site Scripting (XSS) - Explained</a>
<div class="collapse navbar-collapse">
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
<li class="nav-item">
<a class="nav-link" href="index.php">Home</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container mt-5">
<div class="row">
<div class="col-md-6">
<h2>What is Cross-Site Scripting (XSS)?</h2>
<p>
Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious
scripts into web pages viewed by other users. This occurs when a web application doesn't properly
validate or sanitize user inputs and outputs them directly onto the page.
</p>
<p>
The injected scripts execute in the context of the victim's browser, enabling attackers to steal sensitive
information, hijack user sessions, or perform other malicious actions on behalf of the user.
</p>
<h3>Types of XSS:</h3>
<ul>
<li><strong>Reflected XSS:</strong> Occurs when the injected script is reflected off a web server, usually
through a URL parameter or form input. It requires the victim to click on a malicious link to trigger
the attack.</li>
<li><strong>Stored XSS:</strong> Occurs when the injected script is permanently stored on the server, and
every user who accesses the vulnerable page is affected. It is more dangerous than reflected XSS as
victims don't need to interact with the attacker's URL.</li>
<li><strong>DOM-based XSS:</strong> Occurs when client-side scripts write attacker-controlled data into the
Document Object Model (DOM) of a web page without encoding it, leading to the execution of malicious code.</li>
</ul>
</div>
<div class="col-md-6">
<ul class="nav nav-tabs" id="codeTabs" role="tablist">
<li class="nav-item" role="presentation">
<a class="nav-link active" id="php-tab" data-bs-toggle="tab" href="#php" role="tab">PHP</a>
</li>
<li class="nav-item" role="presentation">
<a class="nav-link" id="asp-tab" data-bs-toggle="tab" href="#asp" role="tab">ASP</a>
</li>
</ul>
<div class="tab-content mt-3" id="codeTabContent">
<div class="tab-pane fade show active" id="php" role="tabpanel">
<div class="alert alert-danger">
<h4>Example of Reflected XSS (PHP):</h4>
<p>Let's assume this vulnerable PHP code reflects the "name" parameter in the page:</p>
<code>
&lt;?php<br>
if (isset($_GET['name'])) {<br>
$name = $_GET['name'];<br>
echo "&lt;p&gt;Welcome, " . $name . "!&lt;/p&gt;";<br>
}<br>
?&gt;
</code>
<p>When a user visits the URL with a malicious name parameter, like<br>
<code>https://example.com/vulnerable.php?name=&lt;script&gt;alert('XSS Attack!')&lt;/script&gt;</code><br>
the script gets executed, and an alert will show up saying "XSS Attack!"</p>
</div>
<div class="alert alert-danger mt-4">
<h4>Example of Stored XSS (PHP):</h4>
<p>Suppose this vulnerable PHP code stores comments without proper validation:</p>
<code>
&lt;?php<br>
if ($_SERVER['REQUEST_METHOD'] === 'POST' &amp;&amp; isset($_POST['comment'])) {<br>
$comment = $_POST['comment'];<br>
// Store the comment in a file (vulnerable storage)<br>
file_put_contents('comments.txt', $comment . "\n", FILE_APPEND);<br>
}<br>
?&gt;
</code>
<p>When an attacker submits a comment containing a malicious script, like<br>
<code>&lt;script&gt;malicious_code_here();&lt;/script&gt;</code><br>
it will be stored in the file. When other users view the comments, the script will execute for all of them.</p>
</div>
<div class="alert alert-danger mt-4">
<h4>Example of DOM-based XSS (PHP):</h4>
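<p>In this HTML page, the vulnerable JavaScript code directly retrieves the "name" parameter from the URL and writes it into an element as HTML:</p>
<code>
&lt;h1 id="greeting"&gt;&lt;/h1&gt;<br>
&lt;script&gt;<br>
// Vulnerable JavaScript code for DOM-based XSS<br>
var urlParams = new URLSearchParams(window.location.search);<br>
var name = urlParams.get('name');<br>
// innerHTML parses the value as markup; innerText or textContent would treat it as plain text<br>
document.getElementById('greeting').innerHTML = 'Welcome, ' + name + '!';<br>
&lt;/script&gt;
</code>
<p>An attacker can craft a URL with a malicious name parameter, like<br>
<code>https://example.com/vulnerable.html?name=&lt;script&gt;alert('XSS Attack!')&lt;/script&gt;</code><br>
whose markup is parsed as HTML inside the greeting element. Browsers do not execute <code>&lt;script&gt;</code> elements inserted through <code>innerHTML</code>, but event-handler attributes on injected elements do run, so attacker-supplied markup can still execute JavaScript on the page.</p>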
</div>
</div>
<div class="tab-pane fade" id="asp" role="tabpanel">
<div class="alert alert-danger">
<h4>Example of Reflected XSS (ASP):</h4>
<p>Suppose this vulnerable ASP code reflects the "name" parameter in the page:</p>
<code>
&lt;%<br>
Dim name<br>
name = Request.QueryString("name")<br>
Response.Write("&lt;p&gt;Welcome, " &amp; name &amp; "!&lt;/p&gt;")<br>
%&gt;
</code>
<p>When a user visits the URL with a malicious name parameter, like<br>
<code>https://example.com/vulnerable.asp?name=&lt;script&gt;alert('XSS Attack!')&lt;/script&gt;</code><br>
the script gets executed, and an alert will show up saying "XSS Attack!"</p>
</div>
<div class="alert alert-danger mt-4">
<h4>Example of Stored XSS (ASP):</h4>
<p>Suppose this vulnerable ASP code stores comments without proper validation:</p>
<code>
&lt;%<br>
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then<br>
Dim comment<br>
comment = Request.Form("comment")<br>
Set fso = CreateObject("Scripting.FileSystemObject")<br>
Set file = fso.OpenTextFile("comments.txt", 8, True)<br>
file.WriteLine(comment)<br>
file.Close<br>
Set file = Nothing<br>
Set fso = Nothing<br>
End If<br>
%&gt;
</code>
<p>When an attacker submits a comment containing a malicious script, like<br>
<code>&lt;script&gt;malicious_code_here();&lt;/script&gt;</code><br>
it will be stored in the "comments.txt" file. When other users view the comments, the script will execute for all of them.</p>
</div>
<div class="alert alert-danger mt-4">
<h4>Example of DOM-based XSS (ASP):</h4>
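<p>In this page served by ASP, the vulnerable JavaScript code runs in the browser, directly retrieves the "name" parameter from the URL and writes it into an element as HTML:</p>
<code>
&lt;h1 id="greeting"&gt;&lt;/h1&gt;<br>
&lt;script&gt;<br>
// Vulnerable JavaScript code for DOM-based XSS (client-side, so no server-side Request object is involved)<br>
var urlParams = new URLSearchParams(window.location.search);<br>
var name = urlParams.get("name");<br>
// innerHTML parses the value as markup; innerText or textContent would treat it as plain text<br>
document.getElementById("greeting").innerHTML = "Welcome, " + name + "!";<br>
&lt;/script&gt;
</code>
<p>An attacker can craft a URL with a malicious name parameter, like<br>
<code>https://example.com/vulnerable.asp?name=&lt;script&gt;alert('XSS Attack!')&lt;/script&gt;</code><br>
whose markup is parsed as HTML inside the greeting element. Browsers do not execute <code>&lt;script&gt;</code> elements inserted through <code>innerHTML</code>, but event-handler attributes on injected elements do run, so attacker-supplied markup can still execute JavaScript on the page.</p>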
</div>
</div>
</div>
</div>
</div>
</div>
<footer class="mt-4 bg-dark text-center text-white py-2">
© <?php echo date('Y'); ?> System00 Security Bangladesh
</footer>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
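
The reflected and stored PHP snippets shown above, rewritten with output encoding. This is an added example, not part of explain.php or its repository; the helper names (`e`, `render_greeting`, `store_comment`, `render_comments`) and the temporary file standing in for `comments.txt` are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Encode a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reflected case: the same greeting as the page's snippet, encoded at output time.
function render_greeting(string $name): string
{
    return '<p>Welcome, ' . e($name) . '!</p>';
}

// Stored case: keep the raw comment on disk, one record per line.
function store_comment(string $path, string $comment): void
{
    // Collapse line breaks so one submission cannot span several stored records.
    $line = str_replace(["\r", "\n"], ' ', $comment);
    file_put_contents($path, $line . "\n", FILE_APPEND | LOCK_EX);
}

// Stored case: encode every record when it is written into the page.
function render_comments(string $path): string
{
    $html = '';
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        $html .= '<li>' . e($line) . "</li>\n";
    }
    return "<ul>\n" . $html . "</ul>\n";
}

// Constructed input: the payload string quoted on the page.
$payload = "<script>alert('XSS Attack!')</script>";

echo render_greeting($payload), "\n";

// Hypothetical stand-in for comments.txt so the example cleans up after itself.
$path = tempnam(sys_get_temp_dir(), 'comments');
store_comment($path, $payload);
store_comment($path, 'Nice post');
echo render_comments($path);
unlink($path);
```

Run from the PHP CLI, both outputs show the payload as inert text with `<`, `>` and quotes replaced by entities. For the DOM-based case the equivalent fix is to assign the value through a text sink such as `textContent` instead of an HTML sink.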