Monday 23 July 2018

XSS: What, Why and How? - Hindi Idea

Hello friends, welcome to our blog Hindi Idea. Today we will tell you about XSS.

XSS: What, Why and How?

Friends, injecting malicious code into an XSS-vulnerable website in order to steal the website's data or hack the website is called XSS (cross-site scripting). XSS is a web-based vulnerability. As you probably know, a complete website is built from several different languages, e.g. PHP, HTML, JavaScript, CSS, etc. But if the web developer does not build the website properly, this vulnerability is commonly found, and a hacker can use it to hack the website and steal data such as cookies, admin usernames, passwords, cc_details, etc.



XSS (cross-site scripting) working method

Friends, by now you know that XSS is a web-based vulnerability and how a hacker can take advantage of it. As you know, websites have search boxes and comment boxes.
In this vulnerability, the hacker or attacker enters a script or command into the website's search box or comment box, and it gets executed.
Let's suppose google.com has an XSS vulnerability. What will the hacker do? The hacker will go to google.com's search box, comment box, or anywhere else, and enter a malicious script there; it could also be a command. That script then gets executed from the server and the result is shown to you.

XSS (cross-site scripting) examples

Example (http://testphp.vulnweb.com/guestbook.php)

This is a website that has an XSS vulnerability. The hacker goes to the comment box and injects a script; the script goes to the server, gets executed, and the result is shown to us.
Suppose we go to this website's comment box and enter the command <body bgcolor="blue">. That command will be executed and the website's background color will change.
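
The guestbook case above, as an added example that is not part of the original post or the test site's own code: a constructed in-memory guestbook in JavaScript that renders the same comment once by raw concatenation and once with HTML output encoding. The names addComment, renderUnsafe, renderSafe and escapeHtml are assumptions made for this illustration.

```javascript
// Added example: constructed in-memory guestbook, not the code of the site above.
// All function names here are hypothetical.

// Stands in for the database table that holds guestbook entries.
function addComment(store, name, text) {
  store.push({ name, text }); // stored exactly as submitted
  return store;
}

// Vulnerable: stored input is concatenated into the page as markup,
// so the browser parses a comment like <body bgcolor="blue"> as a tag.
function renderUnsafe(store) {
  return store
    .map((c) => `<div class="entry"><b>${c.name}</b>: ${c.text}</div>`)
    .join("\n");
}

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value. Single pass, so nothing is double-encoded.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every stored field is encoded at output time, so the browser
// displays the comment as text instead of interpreting it.
function renderSafe(store) {
  return store
    .map((c) => `<div class="entry"><b>${escapeHtml(c.name)}</b>: ${escapeHtml(c.text)}</div>`)
    .join("\n");
}

// Constructed sample input: the comment from the text plus an ordinary one.
const guestbook = [];
addComment(guestbook, "visitor", '<body bgcolor="blue">');
addComment(guestbook, "alice", "Tom & Jerry's <3");

console.log("unsafe:\n" + renderUnsafe(guestbook));
console.log("safe:\n" + renderSafe(guestbook));
```

The stored value is left raw and is encoded only at the point where it is written into HTML. Other output contexts (unquoted attributes, script blocks, URLs) need their own encoding rules.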

Types of XSS

1. Server XSS (#server side cross site scripting)

Friends, in this kind of XSS, when the hacker injects malicious code, the script is stored in the website's database. This type of XSS is called a server-side XSS attack.

2. Client-side XSS (#client side xss)

Here, a flaw on the client side in how the website was built is what is called a client-side XSS attack. Reflected XSS falls under this.

Stored XSS (cross-site scripting)

This is server-side scripting and it is permanent: if a hacker injects a script into the website, it is permanently stored in the website's database. This vulnerability is also used to deface websites.

Reflected XSS (cross-site scripting)

This is temporary XSS. In this vulnerability, when the attacker injects a script, it is not stored in the website's database but is reflected back from the server, and we see a popup.

DOM-based XSS (cross-site scripting)

In this type of XSS, the entire design of the website can be changed, and the website's content can be changed as well. If the attacker wants, they can harm the website by injecting dangerous JavaScript or malicious code into it.
