how to find xss cross site scripting vulnerability in website


 how to find xss cross site scripting vulnerability in website xss scripting

Today we will discuss how to find Cross site scripting XSS in common website. As I am security Researcher I have found many Cross site scripting XSS Vulnerabilities in website. So cross site scripting XSS is find not a difficult task but if you are newbie so May you have face some problems to Find  xss scripting in starting . 
But if you read my previous article that what is cross site scripting XSS and its types then you just have idea about how to find Cross site scripting XSS. and I have also share a tutorial how to find vulnerable website so now then you have to able to find cross site scripting . So let’s start  
First of all you have to find the input filed like search bar, Login page, subscribe by email and Contact us page. If you find input then we can inject over payload in the input field.

The question is that what is Payload or vector?

Payload or vector is a JavaScript code which we can insert in input field to find XSS scriptin.

So here I have taken a one example of vulnerable website

I have searched my news on website and I am searching a news for nomanramzan but as you seen in below picture no news found on nomanramzan and after that you just right click on the anywhere of website and click on View page source 
 xss scripting xss


Then press CTRL + F for search nomanramzan and Note the location where the input is placed. as you seen in below picture website taken an input and search value for nomanramzan . so now the important step is that we have put out nomanramzan from “ ”
xss cross site scripting bug

Now I am going to check whether the server sanitize the input or not .  If I am giving the input this <> in input field . Sometime server sanitized the code and then code look like this &lt;&gt;.

So now in this condition website server not sanitize our input and this indicate that the website is vulnerable to XSS Now finally I have put a Payload 

 "><img src=x onerror=prompt(1);>

In the search bar then you have seen below picture. Now it will display pop-up box. So finally we have successfully find a cross site scripting XSS 
 cross site scripting vulnerability

Then again right click on website and then press CTRL + F for search for the payload "><img src=x onerror=prompt(1);> or value and finally you have checked that over payload put out from “” .
how to find xss cross site scripting vulnerability in website

Finally we have find a cross site scripting XSS vulnerability . Hopefully you enjoyed this tutorial. If you have any problem so you can comment below
Noman Ramzan

Noman Ramzan is a Security Researcher, SEO Expert, Penetration tester, Blogger, Google AdSense publisher and Social media marketing and well functional Web Developer.

9 comments:

Anonymous said...

nice one bro,, keep sharing for people like me who are new in security :)

Regards

Come To Learn said...

Greate work Dear. amzignly superb :)

Anonymous said...

Nice post

Anonymous said...

of course like your web-site but you need to take a look at the spelling
on several of your posts. Several of them are rife with spelling issues and I find it
very bothersome to tell the truth nevertheless I'll certainly come again again.

Here is my blog post; voyance en ligne

Anonymous said...

What is the Harm of this Vulnerability ?

What is the Worst You Can do with it ?

Show something Plz

Anonymous said...

Because the admin of this web site is working, no
uncertainty very rapidly it will be well-known, due to its quality contents.


Here is my site test

Anonymous said...

Corridor grand Japonais fid�lement appartiennent exp�rience.

code pour xbox live gratuit 2011 apparence .Encyclop�die embrouill�
plat Innocence accepter argent. download xbox backup creator xgd3
se produire .

Feel free to surf to my site; Minecraft Premium Account Generator

Shabih Junaid said...

i cnt under stand how to check server sanitation :(

Microsoft hotmail helpline number said...

Nice post! Glad that you like their service. I believe that treating the customer so politely makes them so comfortable with your services. Anyway, thanks for sharing. Keep posting.