We often see some "expert" test for an XSS vulnerability by popping up an alert window. They treat XSS as just that: once an alert box appears, they say they have found a vulnerability.
Actually, it is not that simple. What you have found is only a small bug for the programmer, still a long way from XSS. The relationship between the two is like that between a system vulnerability and an exploit. Has your system ever shown "memory could not be read"? Did you know that is a symptom of an overflow vulnerability? But turning it into an exploit is not so simple, so can you really say you have discovered an overflow vulnerability?
The XSS masters show what XSS can actually be made to do; only that kind of thing counts as a vulnerability.
So what can you do with XSS vulnerabilities? I think there are a few things:
1. Targeted drive-by malware ("hanging a trojan"). Such a site has to be a game site, a bank site, something related to QQ or Taobao, or another site with a large influence: they must hold the account passwords we usually want to steal, or the site's page views must be high enough that the trojan we plant reaches a lot of people. If it is just an ordinary small site with an XSS vulnerability and all we want is to plant a trojan, we might as well paste the trojan page's address directly.
2. Operating with the user's privileges. Such a site must have members, and those members must have meaningful operations available to them or hold internal personal data we want, so we use XSS to perform operations with the permissions of logged-in visitors. I count cookie theft here, because its purpose is to obtain the user's operating rights (including password theft), and through those, certain information about the user or the actions allowed under their permissions.
3. DDoS attacks or zombie machines. This also requires a site with very large traffic; with a small site there is nothing we want to attack or obtain. We can use the page to make every visiting user keep attacking other sites, or perform LAN scanning and the like. Such JS tools already exist: JS port scanners, Jikto, XSS Shell and so on.
4. Privilege escalation. This generally happens in forums or information management systems; in short, there must be an administrator. It requires the attacker to be quite familiar with the target system (usually this means the system is open source), so that they know how to construct the statement that escalates privileges.
5. Achieving special effects. For example, I inserted a video into Baidu Space, or the special effects some people implemented on Sina blogs or Xiaonei, and so on.
Conclusion:
So you should pay attention to the nature of these sites: very high traffic, members, an administrator, valuable account passwords, or a special effect worth implementing.
If you have read "Ajax Hacking with XSS", you should know that XSS comes in at least seven kinds, covering input XSS and textarea XSS. URL XSS belongs to input XSS, and most of these are not stored XSS, whereas textarea XSS is generally stored XSS. In other words, the non-stored XSS that is not triggered by normally browsing a page, although it is the vulnerability most websites have, is what is called search-type XSS.
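To make the reflected-versus-stored distinction above, and the cookie-theft point from item 2, concrete, here is an added example that is not part of the original article. It models a search page (input/URL XSS) and a guestbook (textarea XSS) with a vulnerable and a hardened renderer each, uses the article's own alert-box probe as a constructed sample input, and shows the HttpOnly cookie flag that keeps a session id out of document.cookie. All names here are hypothetical.

```python
import html
import re
from http.cookies import SimpleCookie

# Constructed sample input: the classic alert-box probe the article talks about.
PROBE = "<script>alert(1)</script>"
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def has_active_script(page: str) -> bool:
    """True if the rendered page still carries a live <script> tag, i.e. the probe would run."""
    return bool(SCRIPT_TAG.search(page))


# --- Reflected ("input" / "search-type") XSS: the value comes from the URL and is echoed once ---

def render_search_vulnerable(query: str) -> str:
    # Before: the query string is pasted into the HTML untouched.
    return f"<h1>Results for: {query}</h1>"


def render_search_fixed(query: str) -> str:
    # After: HTML-encode on output, so '<' becomes '&lt;' and the browser shows text, not markup.
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


# --- Stored ("textarea") XSS: the value is saved server-side and replayed to every visitor ---

class Guestbook:
    """Hypothetical in-memory guestbook standing in for a forum post or blog comment."""

    def __init__(self):
        self.comments = []

    def post(self, text: str) -> None:
        self.comments.append(text)

    def render_vulnerable(self) -> str:
        return "".join(f"<p>{c}</p>" for c in self.comments)

    def render_fixed(self) -> str:
        return "".join(f"<p>{html.escape(c, quote=True)}</p>" for c in self.comments)


def reach_of_reflected(normal_query: str = "shoes") -> dict:
    """Who sees a reflected probe? Only the person whose own request carries it."""
    return {
        "victim_following_crafted_url": has_active_script(render_search_vulnerable(PROBE)),
        "ordinary_visitor": has_active_script(render_search_vulnerable(normal_query)),
    }


def reach_of_stored() -> dict:
    """Who sees a stored probe? Everyone who loads the page after it was saved,
    unless output is encoded."""
    book = Guestbook()
    book.post("nice site")
    book.post(PROBE)
    return {
        "ordinary_visitor_vulnerable": has_active_script(book.render_vulnerable()),
        "ordinary_visitor_fixed": has_active_script(book.render_fixed()),
    }


def session_cookie_header(session_id: str, http_only: bool = True) -> str:
    """Build a Set-Cookie value. HttpOnly keeps the session id out of document.cookie,
    which blunts the cookie-theft use of XSS; Secure and SameSite are the usual companions."""
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = http_only
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c.output(header="").strip()


if __name__ == "__main__":
    print(reach_of_reflected())
    print(reach_of_stored())
    print(render_search_fixed(PROBE))
    print(session_cookie_header("constructed-session-id"))
```

The reflected case only reaches the visitor who follows the crafted URL, which is why the article says an input XSS by itself gives you little more than an alert box; the stored case reaches every later visitor, and output encoding at render time closes both. HttpOnly does not stop XSS, it only removes the session cookie from what injected script can read.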
So when you get an input XSS, all you have done is pop up a small alert box. You boast to someone that you have found a vulnerability and that you can pop an alert box on them, but in fact you cannot do anything with it. Even if you can plant a small trojan, it is quite meaningless, because you could just as well host the XSS page on your own virtual host and send it to people directly.
Unlike SQL injection, XSS is a client-side thing. The purpose of SQL injection is usually to gain the target system's permissions, and the SQL statement itself is an instruction for the server side, whereas XSS generally obtains things from the client and executes instructions on the client. So when SQL injection "goes wrong" you can shout about it, but you cannot shout just because you "alerted" an "XSS window"; otherwise you will only be laughed at.
What you can do with a website that has an XSS injection vulnerability