{"id":496,"date":"2015-08-17T00:06:24","date_gmt":"2015-08-16T21:06:24","guid":{"rendered":"https:\/\/furkansandal.com\/xenotix-xss-exploit-framework-ile-xss-tespiti\/"},"modified":"2015-08-17T00:06:24","modified_gmt":"2015-08-16T21:06:24","slug":"xenotix-xss-exploit-framework-ile-xss-tespiti","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/xenotix-xss-exploit-framework-ile-xss-tespiti\/","title":{"rendered":"XSS Detection with Xenotix XSS Exploit Framework"},"content":{"rendered":"
What Is the XSS (Cross-site Scripting) Vulnerability?<\/h4>\n
Roughly speaking, it is a type of attack in which malicious JavaScript code sent to the input\/inject point (data entry field) where the vulnerability occurs in a web application is executed in the user's web browser. In other words, it is a client-side attack.
\nIt is frequently seen in query strings in URLs and in form fields.
\nIt lays the groundwork for phishing attacks.
\nIt usually occurs in fields where the POST and GET methods are used.<\/p>\n
Types:<\/b>
There are three types: Reflected, Stored and DOM-based.<\/p>\n
Reflected XSS<\/b><\/p>\n Stored XSS<\/b><\/p>\n Effects:<\/b> It is fundamentally caused by meta-characters not being filtered in the fields of a web application where the user enters data.<\/p>\n \n[‘<\/span><\/b>],[<<\/span><\/b>],[><\/b><\/span>],[;<\/b><\/span>],[\/<\/b><\/span>],[?<\/b><\/span>],[=<\/b><\/span>],[&<\/b><\/span>],[#<\/b><\/span>],[%<\/b><\/span>],[<\/b><\/span>],[<\/b><\/span>],[|<\/b><\/span>],[@<\/b><\/span>],[<\/b><\/span>],[“<\/b><\/span>]<\/p>\n What Is Xenotix XSS Exploit Framework? What does this tool do?<\/b> Goal:<\/b> Xenotix XSS Exploit Framework Download<\/b><\/p>\n Usage:<\/b> You can close the popup window by pressing the Hide<\/i> button.<\/p>\n In the URL<\/i> field we add the link of the target web application, and in the Parameter<\/i> field we write the parameter affected by XSS:<\/p>\n \nThen, if we choose the GET Request Manuel Mode<\/i> option under the Scanner<\/i> menu, we are presented with an XSS payload counter, and each time we click Next Payload<\/i> it appends the payloads in order after the parameter and shows the result in three different web browsers. If we choose the GET Request Auto Mode<\/i> option instead, we do not have to deal with the counter; Xenotix tries the XSS payloads in order by itself, and all we have to do is follow along on the screen:<\/p>\n \nAs can be seen, I chose manual mode and, by clicking next, caught the XSS at the 19th payload. I saw that it worked successfully in all three web browsers. 
NOTE: In my next Xenotix article, I will cover the program's exploiting features that come into play after an XSS vulnerability has been discovered.<\/i>\n<\/p>\n<\/div>\n
\nWhen scripts are executed on the user's side, the user's session information can be stolen, the web browser can be taken over, or malicious code can be injected into the user's computer and control of the computer can be taken over…<\/p>\n<\/span>\nHow Does an XSS Vulnerability Arise?<\/span><\/h4>\n
<\/span>\nHow Can an XSS Vulnerability Be Prevented?<\/span><\/h4>\n
\n
\n
\n
\n
<\/span>\nDetecting XSS in a Web Application with Xenotix XSS Exploit Framework<\/span><\/h2>\n
\nIt includes many exploiting tools for discovering XSS vulnerabilities in web applications by various methods and then exploiting the vulnerability found.<\/p>\n
To pick a field of the target web application that accepts data entry (inject point) and detect XSS using the Xenotix program, which automatically tests some 1600-odd XSS payloads against that field.<\/p>\n
After downloading and running the program, we go straight to the Configure Server<\/i> option under the Settings<\/i> menu and, in the window that opens, press the Start<\/i> button to start the QuickPHP Web Server<\/i> service that Xenotix uses for XSS exploiting; the program is then ready to work.<\/p>\n
\nIn the Payload section we can see which XSS payload is being used against the target parameter.<\/p>\n