Cara Deface Method XSS – Deface is a hacking trick by altering the appearance of a website or altering or deleting the content of the website.
There are many methods that can be used to deface websites such as the XSS method.
Also Read: How to Disfigure the Web with Tinymcpuk Mediatech
For those who don’t know what XSS is?
XSS is short for the term cross site scripting and is one of the code injection attacks.
Typically, XSS is done by attacking by inserting HTML code or other script code into a target website.
So how to deface the site with the XSS method?
How to disfigure XSS method on website
Calm down because this time I will discuss how to deface a website using XSS method easily.
Also Read: How to Deface via Android Apps Without ROOT with SQLI
If you’re curious about how to make a Deface using the XSS method, check out this article to understand how.
That way you can find out more about defacement, especially with the XSS method.
Below is how to deface a website using XSS method in a very simple way.
1. Deface the site with the XSS method
First of all, you need to find a target that has XSS weaknesses first by typing dork in Google search engine like below:
Then select the target site you want to deface with the XSS/ method
In that case, you can directly run the target site and enter the exploit as below:
Later the site becomes a url like this:
That way, the website can be hacked with HTML tags.
Defacing websites with the XSS method can not only change the appearance of the website but also search the data within it.
2 Deface Website Dengan SQL Injection
The way to deface a website that is no less effective than the XSS method is the SQL Injection method.
To do this method, you first need to find the vulnerable site with SQL Injection first with the dork below:
Inurl:? Index.php id =
Inurl:? admin.php id =
Inurl:? pages.php id =
Inurl:? pages.php id =
You copy and paste one of these scripts into Google via a browser application on your computer or laptop.
Then you open the website you want to deface and add a sign (‘) at the end of the website URL link, for example target.com/index.php?id=1.
Later you will encounter an error “you have error in MYSQL” which indicates that the site is vulnerable to SQL.
So you can find the number of columns like this:
Target.com/index.php?id=1order by 10 (error)
Target.com/index.php?id=1order by 9 (error)
Target.com/index.php?id=1order by 8 (error)
Target.com/index.php?id=1order by 7 (error)
Next, you need to find the database version and find the database name.
Then you just find the names of all the tables, look up the column names and find the password of user_name.
In this way, access to the site was obtained.
Well it’s him how to deface a website using XSS method and also with SQL Injection.
However, you should not use the above method to deface other people’s websites as this could harm the website owner.
Also Read: How to Deface a Website with Exploit Joomla JCE Extension
You can use the above method to gain knowledge especially about website defacement. Thanks