Thursday, 21 July 2022

Blind XSS Impact

What is Blind XSS?

Blind XSS is a flavor of cross-site scripting (XSS) in which the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (a database or a log file, for example). Then, without knowing where the payloads have ended up, or if (and when) they are going to be executed, the attacker waits for the payloads to be pulled out of storage and rendered on a web page loaded by a user. Hence, unlike most XSS attacks, which are non-persistent and rely on immediate response pages generated from the data the attacker enters in a web form or HTTP query, Blind XSS is a persistent type of XSS that relies on vulnerabilities in the code of the target web pages which allow malicious scripts, inserted into web controls, to be saved by the server in a database or web site file. These are then “served” to other users as part of HTML page responses without being “sanitized” first.

What distinguishes a Blind XSS attack is that the attacker does not know where the payload will end up, or if, or when, it will get executed. Hence, for the attack to succeed, the attacker needs to make sure that enough payloads are deployed, and that the payloads are crafted so that they remain effective over time, know where to call back to, and know how to report their results. At the same time, the attacker needs to run something that listens for eventual callbacks from the deployed payloads.

Common Targets

The most common targets of Blind XSS are, obviously, any web pages that take user input and save it somewhere for later viewing (by others): logon forms, log viewers, customer service applications, exception handlers, forums/message boards, feedback forms, and chat windows.

Logon forms

Logon forms usually take the user name string that was entered and save it to a log file, which can be viewed at a later stage from a web page. Hence, a failed logon with a malicious script entered in the “user name” field of the logon form will cause the server to save a log entry that has the malicious script as the “user name”. An attacker can perform several such login attempts in order to get the malicious script(s) into the log database or log file. Later on, if an administrator of the website (or web application) that the login form belongs to checks the logs for the day, and if those logs are displayed on a web page, the malicious script may get executed and call back to the attacker with the desired information.

Typical targets in this scenario are web-based applications that require authentication, web management consoles for appliances, etc. Typical damage ranges from stolen credentials to unauthorized access to the data handled by the application (or appliance), and denial of service. The typical user targets are administrators, and the aim is usually security related.

Forums & Message boards

Similarly to the previous scenario, attackers can place malicious scripts within the topic title in a forum or message board. Again, most commonly, the server will save the post to a database, and the stored information can get exposed to other viewers, such as the moderators, over a period of time. In this scenario the script may get sanitized when delivered to normal users, which disables the malicious code. However, when a moderator of the forum loads a forum management web page, such as a thread popularity report, the unsanitized topic titles may be loaded and, consequently, the attacker’s script would be executed, calling back with stolen information, redirecting the user, or causing a denial of service by, for example, calling code within the admin interface that stops the forum. Typical user targets are moderators of forums or message boards, who load forum content from management web sessions in order to perform administrative tasks, and the aim is, again, security related.

Detecting and Preventing Blind XSS Attacks

The best cure is prevention; therefore the best way to defend against Blind XSS attacks is to make sure that your website or web application is not vulnerable. The most effective way to accomplish this is to have web developers review the code and ensure that all user input is properly sanitized. If this is not done, there is a risk that user input is not stripped of scripting tags before being saved to storage or served to the user’s browser, and consequently your website or web application may be vulnerable to XSS, including Blind XSS attacks.

It is good coding practice to never trust data provided by the user. To eliminate the risk, you need to sanitize user input before it gets stored and also, as a second line of defense, sanitize data read from storage before it is sent to the user’s browser.
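The two lines of defense just described, applied to the logon-form scenario above, as an added PHP example that is not part of the original post: a failed logon is written to a log file, and an administrator's log viewer renders it, once unescaped (vulnerable) and once with every field encoded on output (hardened). The log path under var/ and the 64-character user-name limit are assumptions.

```php
<?php
// Added example, not from the original post: the logon-form scenario described above.
// A failed logon appends the submitted user name to a log file, and an admin page
// later renders that log. The log path under var/ is an assumption for this example.

const LOGON_LOG = __DIR__ . '/var/failed_logons.log';

// Encode a value for safe insertion into HTML text or attribute context.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// First line of defense: constrain what gets stored at all. The 64-character limit
// is an assumed policy; control characters are dropped so that one submission
// cannot forge extra log lines.
function normalise_user_name(string $raw): string
{
    $name = substr(trim($raw), 0, 64);
    return preg_replace('/[\x00-\x1F\x7F]/', '', $name) ?? '';
}

// Append one tab-separated entry: timestamp, client address, user name.
function log_failed_logon(string $userName, string $ip): void
{
    @mkdir(dirname(LOGON_LOG), 0750, true);
    $entry = sprintf("%s\t%s\t%s\n", date('c'), $ip, normalise_user_name($userName));
    file_put_contents(LOGON_LOG, $entry, FILE_APPEND | LOCK_EX);
}

function read_log_lines(): array
{
    return is_file(LOGON_LOG)
        ? file(LOGON_LOG, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
}

// VULNERABLE viewer: stored user names are echoed straight into the page, so any
// markup saved by a failed logon is interpreted in the administrator's browser.
function render_log_vulnerable(): string
{
    $html = "<table>\n";
    foreach (read_log_lines() as $line) {
        [$ts, $ip, $user] = explode("\t", $line, 3) + ['', '', ''];
        $html .= "<tr><td>$ts</td><td>$ip</td><td>$user</td></tr>\n";
    }
    return $html . "</table>\n";
}

// HARDENED viewer: second line of defense, every field is encoded on output, so
// the same log entry is displayed as literal text instead of being interpreted.
function render_log_hardened(): string
{
    $html = "<table>\n";
    foreach (read_log_lines() as $line) {
        [$ts, $ip, $user] = explode("\t", $line, 3) + ['', '', ''];
        $html .= '<tr><td>' . esc($ts) . '</td><td>' . esc($ip)
               . '</td><td>' . esc($user) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample: a failed logon whose user name carries harmless markup,
// which the hardened viewer shows as text and the vulnerable one renders as bold.
log_failed_logon('<b>constructed sample</b>', '127.0.0.1');

// Serve the hardened viewer. The CSP header is defense in depth, not a substitute
// for output encoding.
header("Content-Security-Policy: default-src 'self'");
header('Content-Type: text/html; charset=UTF-8');
echo render_log_hardened();
```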

Next, you need a specialized tool that performs innocuous penetration testing and, apart from detecting the easy-to-detect XSS vulnerabilities, can also detect Blind XSS vulnerabilities that might not expose themselves in the web application being scanned (as in the forum example). If you do not have access to the code, or the time to check millions of lines of code, you can use such a tool to determine whether your website or web application is vulnerable to Blind XSS attacks; if it is, you will need to address this with your software provider.

The difficulty in detecting Blind XSS without a code review comes from the fact that this type of attack does not rely on vulnerabilities in third-party web server technology or the web browser, i.e. vulnerabilities that get listed and that you can scan for and patch. This attack exploits vulnerabilities introduced by the developers in the code of your website or web application. So even if your website is implemented using the latest technology, such as HTML5, and you ensure that your web server is fully patched, the web application may still be vulnerable to XSS. In addition, Blind XSS attacks are even more difficult to detect because the payload is executed on a completely different web application than the one where it was injected.

Tuesday, 19 July 2022

Started with PHP 1

Setting Up a Local Web Server

PHP scripts execute on a web server running PHP. So before you start writing any PHP program you need the following programs installed on your computer.

1) The Apache web server

2) The PHP engine

3) The MySQL database server

You can either install them individually or choose a pre-configured package for your operating system, such as Linux or Windows. Popular pre-configured packages are XAMPP and WampServer.

WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP, and a MySQL database. It will also provide the MySQL administrative tool PhpMyAdmin to easily manage your databases using a web browser.

First PHP Script

Now that you have successfully installed WampServer on your computer, in this section we will create a very simple PHP script that displays the text "Hello, world!" in the browser window.

Ok, click on the WampServer icon on your Windows taskbar and select "www directory". Alternatively, you can reach the "www" directory by navigating to C:\wamp\www. Create a subdirectory in the "www" directory, let's say "project", and create a file there with the following contents:

<?php
// Display greeting message
echo "Hello, world!";
?>


Now save this file as "hello.php" in your project folder (located at C:\wamp\www\project), and view the result in your browser by visiting this URL: http://localhost/project/hello.php.

Alternatively, you can open the "hello.php" file by selecting the localhost option and then selecting the project folder from the WampServer menu on the taskbar.

PHP can be embedded within a normal HTML web page. That means inside your HTML document you can write the PHP statements, as demonstrated in the following example:

<!DOCTYPE HTML>
<html>
<head>
    <title>PHP Application</title>
</head>
<body>
    <?php
    // Display greeting message
    echo 'Hello World!';
    ?>
</body>
</html>

Sunday, 17 July 2022

PHP Concepts

What is PHP?

PHP stands for "PHP: Hypertext Preprocessor". Initially it stood for "Personal Home Page".
PHP is open source. It costs nothing; it is free to download and use.
PHP is a scripting language designed for the web.
PHP works with a web server, e.g. Apache, IIS, nginx, etc., which means that PHP scripts, or programs, usually run on a Web
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl, so if you have experience with those languages you will be comfortable with PHP.
PHP is one of the most popular web programming languages. Using PHP we can build dynamic, interactive web sites.

Syntax

See the table below for the opening and closing tags of PHP:

Opening Tag               Closing Tag
<?php                     ?>
<?                        ?>          (Short Tag)
<script language='php'>   </script>

PHP File

A PHP document has the extension .php.
A PHP file can contain HTML, CSS, JavaScript, plain text, and PHP code.
PHP code is parsed on the server. This method of code execution is called "server-side code".
Note: when code is executed in the browser we call that "client-side code", e.g. JavaScript.
A PHP statement ends with a semicolon (;).

How PHP Works

The PHP parser finds the requested file and scans it for PHP code.
When the PHP parser finds PHP code, it executes that code and sends the output back to the web server.
The web server sends it to the web browser, and the web browser displays the output on the screen.


Evolution Of PHP

PHP was created by Rasmus Lerdorf back in 1994. He released PHP to the general public in 1995 and called it PHP version 2.
In 1997, two more developers, Zeev Suraski and Andi Gutmans, rewrote most of PHP and, along with Rasmus, released PHP version 3.0 in June 1998.
The next version, PHP 4, was launched in May 2000.
PHP 5 was released in July 2004.

PHP Advantages

It is easy to learn
It is fast
It is inexpensive (free)
It is easy to use
PHP is cross-platform. It can run on many operating systems: Linux, Mac, Windows, Unix, Solaris
It is secure
It is designed to support SQL databases: MySQL, Oracle, PostgreSQL, SQLite, IBM DB2, and more
It contains object-oriented concepts

PHP Comments

Generally, comments in programming remind you of what you were thinking when you wrote the code. A comment in PHP code is used to explain how the program works step by step, and to record who created it, who edited it, the last-modified date, etc. A comment is simply text that is ignored by the PHP engine.

<?php
// This is a single line comment
# This is also a single line comment
/* This is a multiple lines comment
   This is a multiple lines comment */
?>

Friday, 15 July 2022

PHP Introduction

PHP started as a small open source project that evolved as more and more people found out how useful it was. Rasmus Lerdorf unleashed the first version of PHP way back in 1994.

PHP is a recursive acronym for "PHP: Hypertext Preprocessor".

1) PHP is a server-side scripting language that is embedded in HTML. It is used to manage dynamic content, databases, session tracking, and even build entire e-commerce sites.

2) It is integrated with a number of popular databases, including MySQL, PostgreSQL, Oracle, Sybase, Informix, and Microsoft SQL Server.

3) PHP is pleasingly zippy in its execution, especially when compiled as an Apache module on the Unix side. The MySQL server, once started, executes even very complex queries with huge result sets in record-setting time.

4) PHP supports a large number of major protocols such as POP3, IMAP, and LDAP. PHP4 added support for Java and distributed object architectures (COM and CORBA), making n-tier development a possibility for the first time.

5) PHP is forgiving: PHP language tries to be as forgiving as possible.

6) PHP Syntax is C-Like.

Uses of PHP

* PHP performs system functions, i.e. it can create, open, read, write, and close files on a system.

* PHP can handle forms, i.e. gather data from files, save data to a file, send data through email, and return data to the user.

* You can add, delete, and modify elements within your database through PHP.

* It can access cookie variables and set cookies.

* Using PHP, you can restrict users from accessing some pages of your website.

* It can encrypt data.
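Several of the uses listed above brought together in one script (form handling, saving to a file, setting a cookie, restricting a page to logged-in users), as an added example that is not part of the original tutorial. The messages file path, the assumed login page /login.php that sets $_SESSION['user'], and the form field names are assumptions.

```php
<?php
// Added example, not part of the original tutorial. Assumes a login page at
// /login.php that sets $_SESSION['user'] after checking the user's password.
session_start();

const MESSAGES_FILE = __DIR__ . '/var/messages.txt'; // assumed storage path

// Encode a value before placing it in HTML, so user text is shown, not run.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Restrict access: only a logged-in session may reach this page.
if (empty($_SESSION['user'])) {
    header('Location: /login.php', true, 303);
    exit;
}

$errors  = [];
$message = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Handle the form: gather the data, but validate every field before use.
    $email   = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $message = trim((string) filter_input(INPUT_POST, 'message', FILTER_DEFAULT));

    if ($email === false || $email === null) {
        $errors[] = 'A valid e-mail address is required.';
    }
    if ($message === '' || strlen($message) > 2000) {
        $errors[] = 'Message must be 1 to 2000 characters.';
    }

    if ($errors === []) {
        // Save to a file: one JSON record per line, so newlines typed into the
        // message cannot break the record boundary.
        $record = json_encode(['user' => $_SESSION['user'], 'email' => $email,
                               'message' => $message, 'at' => date('c')]);
        @mkdir(dirname(MESSAGES_FILE), 0750, true);
        file_put_contents(MESSAGES_FILE, $record . "\n", FILE_APPEND | LOCK_EX);

        // Set a cookie remembering the last-used e-mail. HttpOnly keeps it away
        // from page scripts; Secure restricts it to HTTPS.
        setcookie('last_email', $email, [
            'expires' => time() + 86400 * 30, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
}

// Access a cookie variable; fall back to an empty string if it is absent.
$lastEmail = $_COOKIE['last_email'] ?? '';
?>
<!DOCTYPE html>
<html>
<head><title>Contact</title></head>
<body>
<?php foreach ($errors as $e): ?>
  <p class="error"><?= esc($e) ?></p>
<?php endforeach; ?>
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST' && $errors === []): ?>
  <p>Thanks, <?= esc($_SESSION['user']) ?>, your message was saved.</p>
<?php endif; ?>
<form method="post">
  <input type="email" name="email" value="<?= esc($lastEmail) ?>">
  <textarea name="message"><?= esc($message) ?></textarea>
  <button type="submit">Send</button>
</form>
</body>
</html>
```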


Characteristics of PHP

Five important characteristics make PHP's practical nature possible:

Simplicity

Efficiency

Security

Flexibility

Familiarity

"Hello World" Script in PHP

To get a feel for PHP, start with simple PHP scripts. Since "Hello, World!" is the essential first example, we will create a friendly little "Hello, World!" script.

As mentioned earlier, PHP is embedded in HTML. That means that in amongst your normal HTML (or XHTML if you're cutting-edge) you'll have PHP.

<html>
   <head>
      <title>Hello World</title>
   </head>
   <body>
      <?php echo "Hello, World!"; ?>
   </body>
</html>

Output: Hello, World!

If you examine the HTML output of the above example, you'll notice that the PHP code is not present in the file sent from the server to your Web browser. All of the PHP present on the Web page is processed and stripped from the page; the only thing returned to the client from the Web server is pure HTML output.

All PHP code must be included inside one of the three special markup tags that are recognized by the PHP parser.


<?php PHP code goes here ?>

<? PHP code goes here ?>

<script language="php"> PHP code goes here </script>


The most common tag is <?php ... ?>, and we will also use that tag throughout this tutorial.

In the next chapter, we will start with PHP Environment Setup on your machine and then we will dig out almost all concepts related to PHP to make you comfortable with the PHP language.

Thursday, 14 July 2022

History of PHP

PHP as it's known today is actually the successor to a product named PHP/FI. Created in 1994 by Rasmus Lerdorf, the very first incarnation of PHP was a simple set of Common Gateway Interface (CGI) binaries written in the C programming language. Originally used for tracking visits to his online resume, he named the suite of scripts "Personal Home Page Tools," more frequently referenced as "PHP Tools." Over time, more functionality was desired, and Rasmus rewrote PHP Tools, producing a much larger and richer implementation. This new model was capable of database interaction and more, providing a framework upon which users could develop simple dynamic web applications such as guestbooks. In June of 1995, Rasmus released the source code for PHP Tools to the public, which allowed developers to use it as they saw fit. This also permitted - and encouraged - users to provide fixes for bugs in the code, and to generally improve upon it.

In September of that year, Rasmus expanded upon PHP and - for a short time - actually dropped the PHP name. Now referring to the tools as FI (short for "Forms Interpreter"), the new implementation included some of the basic functionality of PHP as we know it today. It had Perl-like variables, automatic interpretation of form variables, and HTML-embedded syntax. The syntax itself was similar to that of Perl, albeit much more limited, simple, and somewhat inconsistent. In fact, to embed the code into an HTML file, developers had to use HTML comments. Though this method was not entirely well-received, FI continued to enjoy growth and acceptance as a CGI tool --- but still not quite as a language. However, this began to change the following month; in October 1995, Rasmus released a complete rewrite of the code. Bringing back the PHP name, it was now (briefly) named "Personal Home Page Construction Kit," and was the first release to boast what was, at the time, considered an advanced scripting interface. The language was deliberately designed to resemble C in structure, making adoption easy for developers familiar with C, Perl, and similar languages. Having been thus far limited to UNIX and POSIX-compliant systems, the potential for a Windows NT implementation was being explored.

The code got another complete makeover, and in April of 1996, combining the names of past releases, Rasmus introduced PHP/FI. This second-generation implementation began to truly evolve PHP from a suite of tools into a programming language in its own right. It included built-in support for DBM, mSQL, and Postgres95 databases, cookies, user-defined function support, and much more. That June, PHP/FI was given a version 2.0 status. An interesting fact about this, however, is that there was only one single full version of PHP 2.0. When it finally graduated from beta status in November 1997, the underlying parsing engine was already being entirely rewritten. Though it lived a short development life, it continued to enjoy growing popularity in the still-young world of web development. In 1997 and 1998, PHP/FI had a cult of several thousand users around the world. A Netcraft survey as of May 1998 indicated that nearly 60,000 domains reported having headers containing "PHP", indicating that the host server did indeed have it installed. This number equated to approximately 1% of all domains on the Internet at the time. Despite these impressive figures, the maturation of PHP/FI was doomed to limitations; while there were several minor contributors, it was still primarily developed by an individual.

Tuesday, 12 July 2022

Gray Hat Hacker

A grey hat hacker (also spelled gray hat hacker) is someone who may violate ethical standards or principles, but without the malicious intent attributed to black hat hackers.

Grey hat hackers may engage in practices that seem less than completely above board, but are often working for the common good. Grey hat hackers represent the middle ground between white hat hackers, who work on behalf of those maintaining secure systems, and black hat hackers, who act maliciously to exploit vulnerabilities in systems.

If we consider white hats the police and black hats the criminals, then grey hats serve as the slightly underhand private investigator. Grey hat hackers are something of a wise guy: illegally breaking into technical systems in the same way as a black hat, but treating the material they find as a white hat would.

This could mean leaving a helpful note on the system to make organizations aware of their careless practices (like a burglar who leaves a note to tell you you've left the tap running while you were on holiday); it could mean disclosing the information to the organization privately to enable them to fix the flaw; or it could mean releasing the information publicly, leaving the organization exposed to black hat hackers until they fix the issue.

Despite the concerns, the skills of grey hats can't be ignored in such a talent-short market. The shortage of cybersecurity skills is well documented, leaving organizations exposed to the actions of black hats.
McAfee's 'Hacking the Skills Shortage' report found that 82% of respondents were affected by a cybersecurity skills shortage, while a study by Indeed revealed that cybersecurity job openings have risen by almost a third in two years, resulting in the skills gap rising by 5% in the UK.
Cybersecurity Ventures predicts that global spending on cybersecurity will exceed $1 trillion over the next five years and estimates that there will be 1.5 million job openings by 2019. With such a stark disparity between supply and demand, prosecuting grey as well as black hats could have serious repercussions for the cybersecurity market.

Are grey hat hackers useful?

As we've already said, grey hat hacking is illegal, regardless of the intent. If there isn't permission from the target to look for vulnerabilities, trying to break a company's defences is against the law. So a grey hat hacker should expect to be punished for disclosing a vulnerability to a company.

However, some companies use their bug bounty programmes to encourage grey hat hackers to report their findings, and will pay the bounty to avoid the wider risk of having the hacker exploit the vulnerability for their own gain. But this is relatively rare, so getting the company's permission is the only way to ensure that a hacker stays within the law.

Saturday, 9 July 2022

E-commerce SEO

E-commerce keyword research

Keyword research is the critical first step in an e-commerce SEO campaign.

1. You’ll target keywords too difficult to rank for and won’t make it to page one.

2. You’ll rank for keywords that don’t garner traffic or cause customers to buy.

Neither of these situations is ideal, which is why e-commerce keyword research is so important — it will ensure you target keywords that are easy to rank for, have decent search volume, and have high conversion rates.

However, there is more to choosing keywords than simply looking at how difficult it is to rank or how many people search for them. The following four options can help you to perform e-commerce keyword research, find keyword difficulty (KD) and search volume, and uncover buyer intent:

Right keywords

Unless you use a tool like Ahrefs, you likely won’t have keyword data for the phrases you picked. You need to determine keyword difficulty, search volume, and buyer intent to know which keywords to use.

Using Google Keyword Planner, you can find rough search volume and CPC to determine buyer intent. However, it doesn’t give you keyword difficulty (KD) or spread.

If you want to get serious about your SEO efforts and maximize your keyword spread, consider creating a keyword matrix.

A keyword matrix is a way to dig through relevant keywords and organize your spreadsheet so that you can quickly determine the best possible keywords to use on each of your pages. It’s based on KD, search volume, and search intent.

Amazon for keyword research

Amazon is a gold mine of high buyer intent keywords since people typically search on Amazon with the intent of buying something.

To find keywords with Amazon, start typing in your seed keyword. In response, Amazon will spit out autofill suggestions. These are all keyword ideas — put them in a Google spreadsheet to keep for later.

As you can imagine, if you have hundreds or thousands of products, this could take a long time. That’s where the Amazon Keyword Tool comes in. 

This tool automatically scrapes Amazon’s autofill suggestions for any keyword you type in. Each time you search, check off all the keywords and add them to your list, then download that list to a CSV with the “Download Selected Keywords” button.

Keywords through competitor research

If you have competitors who rank higher than you in search results, you can use their site to take keyword ideas. First, type your keyword into Google, choose a competitor, and scan their category and product pages for potential keywords. 

It is important to remember that you shouldn’t blindly use the same keyword as your competitors simply because they outrank you — there are other factors such as domain authority. 

It is also critical to consider breadcrumbs, an advanced navigation function that helps Google scan and index your site. You can tell if you’ve set up breadcrumbs correctly by entering your site into Google. If you see “yoursite.com -> category -> subcategory”, you have breadcrumbs set up.

Ahrefs keyword opportunities

Ahrefs is an all-around, fantastic SEO tool. You can use it for keyword research, competitive research, building backlinks, and much more.

Through its easy-to-use system, you can view built-out reports of keyword rankings on your site and your competitors, allowing you to see how you stack up and where you can make improvements.
