Home > Cloud Computing > Cloud Security

XRS-Cross Relative Scripting

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Introduction
 
XRS is Cross Relative Scripting Which Means Scripting the site With 3Rd Party resource.
With XRS We can Do Spreading, XSS Tunnel, Phishing Etc. As it was a very affective method,
We still Exactly Does Not Know Who was Founded It. But it was Full of Wothy. So Guys Today. we will Know about It in the future.
 
Founders
Not Exactly Known "Anon-
 
What It affects
Spreading, XSS Tunnel, Phishing Etc
 
So, We Have Discussed a quite About it. Now to Main Intro
 
Finding Vuln.
It was the Long duration taking process in XRS. before going to this we need to know what is
Sub tags. ie.
 
Code:
T = B = h = r = tw = etc
Are called sub tags. there will be 10-10,000 subtags based on site. every subtag have its own importance.
If we need to find a vuln You have Something like this:
Code:
Www.2cto.com/h = x & t = x
The combination of any two subtags with any symbol like % # @ % etc. are likely vuln to XRS
So, now Collect all the Sub Tags.
 
1.1: Checking For "tr3"
First of All We need to Know what is "tr3". Tr3 meand the link will be Subsitubable. So, it means It can be
Exucutable With 1 sub tag.
Code:
Www.x.com/hsf-xw.zw.* -- (0)
If it was excuted without any error viola we can proceed To next.
 
Hacking With XRS
OK, its time to inject XRS
First, We need A host. Go to Google and Search for free internet.
Regester any one and open ftp.
Now Creat A txt file called "tr03" And Kepp the XSS String in it.
Upload It To Host.
Copy link. voila We complted basic
 
Go:
Code:
Www.2cto.com/h = x (<.> (Your host link without brackets) % z = * -- (0> (Size of tr03 file)
 
OK Now You Will get pop up Like "Ha ha XSS" based on your String.
 
Now its time to spreading...>
 
Delete The Existing File And Reupload one which is binded with your javadriveby
The binding shoshould/3 (Very Important ))
Upload it.
Now EDit XSS String inside As, [Your number was 545436 You have Won this Contest click OK proceed]
And done. E-mail it to Some Shit members After clicking OK. they Will get java drive by card. some will click OK.
Then finish you got a Slave.
 
Thanks For reading. Hope you Find it Useful.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More