How do I code a XSS script?

[jamesxg1]

Hiya!

 

I know XSS is un-secure but I was wondering how I would code a XSS code, I have tried to Google it but there is nothing, all I am finding is XSS preventation. I was wondering if someone knows a tutorial or maybe if someone can show me an example of how to make an XSS script.

 

Many thanks

 

James.

[jcbones]

You want a cross site code?

<?php
echo file_get_contents('http://www.google.com');
?>

[Rustywolf]

Isnt XSS javascript?

 

Its bascally just echoing something from the $_GET['function']

 

<?php
echo $_GET['xss'];
?>

[jcbones]

NO, XSS is cross site scripting.  When someone talks about it, it usually involves some kind of injection attack. 

 

But, anytime you are including, or scraping pages from one site to another, it is cross scripting.

[jamesxg1]

Ah right I see, well I'm trying to make it so that I can provide my customers with a script on their own website without actually have to script, the script will be held on my server and I'm looking for a way for them to include it on their site.

 

Many thanks

 

James.

[mrMarcus]

to clear things up, XSS is a way to inject malicious code (usually javascript, but not always) into a website/page.

 

XSS is usually achieved by way of improperly secured form data, where a loser, i mean hacker/cracker/whatever, does something as simple as:

 

<script>window.location="http://www.bad-site.com/";</script>

 

into a comment box on a site.  now, if the site does not handle (strip or convert entities) the incoming data from a form, that code will be executed each and every time a user reaches that page.  now, a simple redirect is harmless in respect that things can get a lot worse, ie. cookie manipulation, etc.

 

anyways, if you just want your users to access one file located on your server, just use include