When searching for information on a site I accidentally discovered that XSS was possible. To be sure, I executed the following statement:
I tried to be subtle; so far this was just a check. The actual word was a different one, something related to the topic of the site. Indeed, my search term came back, only in a larger font, exactly as the HTML intended. Now I really wanted to be sure that my suspicion was correct and that persistent XSS was possible, so I executed the well-known statement alert(document.cookie). Aaahhhh, what a nice variety of possibilities.
On the site there is a forum, and there is also a login form. Now we can change the form a little bit: we can put some information on it, ask for a login, send the username and password to another location (my location), and send the URL in an email to someone. If I send the URL in an email to somebody I need a reason why they have to log in; that is why some information is needed on the form.
Now we can do something like this (this is only an example; the property is innerHTML and the div must be closed):
document.getElementById("body_container").innerHTML = '<div>Login<form><input id="password" /></form></div>';
Another possibility is to capture cookies and send them to your own location. For that, you need to register and post a thread. In your thread you put a script that captures cookies. Every time someone opens your thread, the cookie (and more information, if you like) is sent to you. With this cookie, a browser and a cookie editor you can log in and pretend to be that user.
XSS is also a very intriguing technique. Everyone knows what it is, but not everyone understands the endless and varied ways in which its possibilities can be used. Discovering XSS is relatively easy. But how do you explain the impact without a demo?
The impact of XSS is that you can do everything a user can, once you have that user's session, and the user will not notice anything until.... I found a really nice quote about XSS. In my opinion it fully covers how XSS is experienced: "If you claim that 'XSS is not a big deal' that means you never owned something by using it and that's your problem not XSS's." - Ferruh Mavituna, author of XSS Shell, XSS Tunnel and NetSparker.
Dealing with XSS is more than an if-then-else mentality. Trust the advancing insights of others: the OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet.
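As an added example (not code from the original post), here is the cheat sheet's first rule applied to the search page described above: the echoed search term is HTML-entity-encoded before it is placed in the page, so a term containing markup is shown as text instead of being parsed. The function names, the page template and the sample term are my own constructions.

```javascript
// Characters that must never reach the HTML parser as markup when untrusted
// text is placed in an element body (OWASP XSS Prevention Cheat Sheet, rule #1).
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "/": "&#x2F;",
};

// Encode untrusted text so the browser treats it as data, not as tags.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// The pattern the post ran into: the search term is concatenated straight into
// markup, so any tags in the term are interpreted by the browser.
function renderSearchUnsafe(term) {
  return `<p>Your search for ${term} returned no results.</p>`;
}

// Hardened version: same template, but the term is encoded first.
function renderSearchSafe(term) {
  return `<p>Your search for ${escapeHtml(term)} returned no results.</p>`;
}

// Simple check used to compare the two renderings: does the output still
// contain a script tag that the browser would execute?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample term, using the statement quoted in the post itself.
const SAMPLE_TERM = "<script>alert(document.cookie)</script>";

console.log("unsafe:", renderSearchUnsafe(SAMPLE_TERM)); // tag survives
console.log("safe:  ", renderSearchSafe(SAMPLE_TERM));   // tag is encoded
```

The same rule does not cover attribute values, URLs or inline JavaScript contexts; the cheat sheet has separate encoding rules for each of those.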
Now I still have a challenge: should I write an email to the webmaster of that particular website and explain the vulnerability to them, send them a link to this article, or just leave it as it is and forget about it?