# Cross-site Scripting

![](/files/-Mf_O6OPTCTfeBJZNuSg)

## Introduction

![](/files/-Mf_Ty1OjESJEy2f1oUe)

## Stored XSS

![](/files/-Mf_UDRzI0gfguTO350b)

Let's go to the Stored XSS web page.

![](/files/-Mf_UdGnEVtIN9lVlxjK)

Let's try to add a comment on the page. First we have to create a user and log in.

![](/files/-Mf_V6Ro9_x4RWnNL4SH)

Let's now try to add a comment.

![](/files/-Mf_VGHvtltFmSV4WgTz)

![](/files/-Mf_VJC7tcwosxoPbquD)

Now let's make an alert popup box appear on the web page showing the document cookie.

![](/files/-Mf_VcWXwM0UdIan7SDr)

![](/files/-Mf_VfXRU8L8osoBsWFx)

Let's click OK.

![](/files/-Mf_ViLMSGVS3_J2QrFR)

Now let's change the XSS Playground heading to "I am a hacker".

![](/files/-Mf_W0sl1R810ixeQ9r-)

![](/files/-Mf_W7Zj1AJODHH-Wdkr)

![](/files/-Mf_WDH0kzrS6Nyt0LJS)

Let's now try to take over the user Jack's account by stealing his cookie.

![](/files/-MfdNL84yzRW-eT7Td0q)

Now let's go to the log page.

![](/files/-MfdNXWjoZS_buvdE1vY)

We have the cookie.

Let's switch users to Jack and post a comment.

First, let's open the developer tools and change the cookie to Jack's.

![](/files/-MfdNzhYh2Ep2K-u8Z1Q)

Now let's reload the page.

![](/files/-MfdO4dln7BRpLVAQtuG)

We are now the user Jack. Let's post a comment.

![](/files/-MfdOA0IMcLQK0H_Ge6b)

## Reflected XSS

![](/files/-MfdOjpz-fIhFBHSKxw6)

Let's craft a reflected XSS payload that will cause a popup saying "hello":

```
<script>alert("hello")</script>
```

![](/files/-MfdPHPt1BTxSdtnjv8J)

![](/files/-MfdPJEbzuN6-2GF7zom)

To get the IP address of the machine, we can use this payload:

```
<script>alert(window.location.hostname)</script>
```

![](/files/-MfdPcJGqmd-WAob-do8)

![](/files/-MfdPhBSbA67MM75SoPK)

## DOM-Based XSS

![](/files/-MfdPzUMzowluFbGcGPO)

Let's go to the DOM-Based XSS page and look at the source code.

![](/files/-MfdQFs2PHy2VsAk0E_G)

This is interesting: it looks like there are no checks on the input we give.

Now let's exploit it and get the cookie.

```
test" onmouseover="alert(document.cookie)"
```

![](/files/-MfdRABpmOdNxI9Cq3as)

Now hover over the "Image not found" text.

![](/files/-MfdRHB6gauNCi2Y46NZ)

![](/files/-MfdRJqRQsDoXS93S_NM)

Next, let's create a hover event (`onmouseover`) on an image tag that changes the background color of the website to red.

```
test" onmouseover="document.body.style.backgroundColor='red'"
```

![](/files/-MfdRdhV5bFwa7hhPv6j)

Make sure to hover over the Image not found text
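
The missing input check noted in this section is what lets a `"` in the value close the attribute and start a new one. The following is an added example, not the lab's source code or the author's; the function names and the `<img>` markup are assumptions. It contrasts string-built markup with attribute encoding, using the background-color payload from above as input:

```javascript
// Added example: hypothetical markup builders, not the lab's real source.

// Vulnerable pattern: user input concatenated straight into a quoted attribute.
function renderImageUnsafe(src) {
  return '<img src="' + src + '" alt="Image not found">';
}

// Hardened pattern: encode every character that can end the attribute value
// or open new markup, so the input stays data inside src="...".
const ATTR_ESCAPES = { '&': '&amp;', '"': '&quot;', "'": '&#x27;', '<': '&lt;', '>': '&gt;' };
function escapeAttr(value) {
  return String(value).replace(/[&"'<>]/g, (ch) => ATTR_ESCAPES[ch]);
}
function renderImageSafe(src) {
  return '<img src="' + escapeAttr(src) + '" alt="Image not found">';
}
// In a browser, img.setAttribute('src', value) gives the same guarantee
// because no HTML string is parsed at all.

// Simplified tokenizer: lists the names of double-quoted attributes in a tag,
// enough to show which attributes a parser would create from the markup.
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Review/detection helper: any on* attribute is an inline event handler.
function hasEventHandler(tag) {
  return attributeNames(tag).some((name) => /^on/.test(name));
}

// Input taken from the walkthrough (the background-color payload).
const payload = `test" onmouseover="document.body.style.backgroundColor='red'"`;

console.log('unsafe:', attributeNames(renderImageUnsafe(payload)));
console.log('safe:  ', attributeNames(renderImageSafe(payload)));
```

With the unsafe builder the tag gains an `onmouseover` attribute; with the encoded version the whole input remains the value of `src`.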

## Using XSS for IP and Port Scanning

![](/files/-MfdS1-LsR-AV7cb3Qm5)

![](/files/-MfdS3J5J6uoZdk2hvbX)

## XSS Keylogger

![](/files/-MfdSA7jwBkhcdLDw4xZ)

![](/files/-MfdSCT5HcvpcIhg4njv)

## Filter Evasion

![](/files/-MfdSKV4NnbSBYumlKLx)

Let's do the first challenge.

![](/files/-MfdSlZw6QNRe8VNTgHZ)

![](/files/-MfdSnLTD53JAb1Kp3_I)

![](/files/-MfdSpY_p81hy36D61BQ)

Let's do challenge 2.

```
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
```

![](/files/-MfdTHgfd53VfKEGPkHN)

Let's do challenge 3.

![](/files/-MfdTVSW1UVigVybmQCo)

![](/files/-MfdTZaM_Ujne3D2tOwl)

![](/files/-MfdTb0hYz9dF-KAJQcD)

Challenge 4

![](/files/-MfdThA_CHNHUPEtmx_7)

```
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>
```

![](/files/-MfdTy9nRw2eupmKjpmu)

## Protection Methods and Other Exploits

![](/files/-MfdU8q42ZTWDiFczS8T)


