Hey Cyberpunks, Ethical Kaps here, I’m back again with another powerful article. I hope you all are doing great in your life. If you are here and reading this article, then either you are a newbie or you want to learn some new ways to exploit XSS. Just stay connected till the end and I assure you that you’ll get to know many interesting ways to hunt this vulnerability.
Note: I will keep the topic as simple as possible and try to explain it in layman’s language, so that you’ll be able to grasp the roots of the vulnerability, find those bugs in your targets to make them more secure, and earn bounties.
I will use the abbreviation XSS for Cross Site Scripting.
If you are a complete beginner and don’t have any idea about this vulnerability, I would recommend reading about the basics of XSS first. I have already covered that in one of my articles. You can read about it here.
For now, let’s dive straight into the action and have a look at some practical stuff.
Sometimes when you run a simple script, like the one mentioned below, nothing happens.
A simple hack for this is :-
Sometimes developers filter words such as alert. In order to bypass that, you can use JavaScript's eval and String.fromCharCode. You’ll be able to get the popup without ever writing the word alert in the payload.
You just need to have a look at an ASCII table for encoding purposes, and for that just type the command below in a terminal. Note:- Here I’ll be using decimal values for character encoding.
So, let’s start encoding according to the values given in the table. For example, a=97, l=108, e=101 and so on…..
So what I have encoded is written below:-
<script>eval(String.fromCharCode(97,108,101,114,116,40,34,72,65,67,75,69,82,34,41))</script>
So wherever you notice eval, consider that as EVIL.😂
Here we are just going outside the box and applying our logic; that’s always the best option to go for. Just have a look below :
Sometimes developers make the common mistake of trusting the path provided by users, and it can be used to trigger XSS. Have a look below and it’ll become crystal clear.
I have just added a random path to the URL and provided my payload. & BOOOOMMM!!!! 😍
An interesting thing to note here is that 404 and 500 pages are likely to be vulnerable to this kind of attack.
Moral of Point 4:- Never ignore anything.
Other techniques, such as XSS through file uploads and encoding of characters to bypass filters, are plain and simple. I hope you already know all that stuff. If you have any query, you can comment down below.
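To show the defender’s side of the two tricks above (the String.fromCharCode bypass and the 404 page that echoes the request path), here is an added example that is not part of the original article: a keyword blocklist of the kind described is checked against both payloads, the encoded payload is decoded so a reviewer can see what it evaluates to without running it, and the 404 renderer applies the actual fix, contextual HTML escaping. All sample payloads and function names are constructed for this example.

```python
# Added example (not from the original article): why stripping the word
# "alert" does not stop XSS, and why output encoding does.
import html
import re

# Constructed samples: the plain payload and the fromCharCode-encoded
# variant from the article (97,108,101,114,116 = "alert", and so on).
PLAIN = '<script>alert("HACKER")</script>'
ENCODED = ('<script>eval(String.fromCharCode('
           '97,108,101,114,116,40,34,72,65,67,75,69,82,34,41))</script>')


def naive_blocklist(value: str) -> str:
    """The kind of filter the article describes: drop the word 'alert'."""
    return re.sub(r'alert', '', value, flags=re.IGNORECASE)


def decode_fromcharcode(value: str) -> str:
    """Resolve String.fromCharCode(...) calls to the text they build, so a
    reviewer can read an obfuscated payload without evaluating it."""
    def repl(m: re.Match) -> str:
        codes = [int(c) for c in m.group(1).split(',') if c.strip()]
        return repr(''.join(chr(c) for c in codes))  # JS-compatible literal
    return re.sub(r'String\.fromCharCode\(([\d,\s]*)\)', repl, value)


def blocklist_is_bypassed(payload: str) -> bool:
    """True when the filtered output still carries a script that calls alert."""
    filtered = naive_blocklist(payload)
    return '<script>' in filtered and 'alert' in decode_fromcharcode(filtered)


def render_not_found(path: str) -> str:
    """404 body that echoes the requested path. Escaping the untrusted value
    for the HTML context it lands in is the fix; a keyword filter is not."""
    safe_path = html.escape(path, quote=True)
    return f'<h1>404</h1><p>No page at {safe_path}</p>'


if __name__ == '__main__':
    for name, payload in (('plain', PLAIN), ('encoded', ENCODED)):
        print(f'{name:8} blocklist bypassed: {blocklist_is_bypassed(payload)}')
    print('decoded :', decode_fromcharcode(ENCODED))
    print('escaped :', render_not_found('/<script>alert(1)</script>'))
```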
So, this is it for this article. I hope you enjoyed it. I will come back to you with another helpful write-up. Till then, take care and keep hunting for good. Keep digging and learning new stuff.
If you like the content, then you can support me over here :- @buymeacoffee.com/ethicalkaps
See you in the next article. Until then, cherish your life. Peace!
You can follow me on Twitter, on Spotify to listen to my write-ups (😁), and on Instagram.