Cross-site Scripting

Introduction

Stored XSS

Let's go to the Stored XSS web page.

Let's try to add a comment on the page. First we have to create a user and log in.

Let's now try to add a comment.

Now let's make an alert popup box appear on the web page with the document cookie.

Let's click OK.

Now let's change the XSS Playground heading to "I am a hacker".

Let's now try to take over the user Jack's account by stealing his cookie.

Now let's go to the log page.

We have the cookie.

Let's change users to Jack and post a comment.

First, let's go to the developer tools and change the cookie to Jack's.

Now let's reload the page.

We are now the user Jack. Let's post a comment.

Reflected XSS

Let's craft a reflected XSS payload that will cause a popup saying "hello":

<script>alert("hello")</script>

To get the IP address of the machine, we can use this payload:

<script>alert(window.location.hostname)</script>

DOM-Based XSS

Let's go to the DOM-Based XSS page and look at the source code.

This is interesting: it looks like there are no checks on the input we give.

Now let's exploit it and get the cookie.

test" onmouseover="alert(document.cookie)"

Now hover over the "Image not found" text.

Next, let's create an onmouseover event on an image tag that changes the background color of the website to red.

test" onmouseover="document.body.style.backgroundColor='red'"

Make sure to hover over the Image not found text
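
Why the payloads above work, and what closes the hole, as an added example (not the room's source code, which is not reproduced on this page). It assumes the page concatenates the input into a double-quoted src attribute of an img tag; the function names are hypothetical.

```javascript
// Added example: assumed shape of the page's code, not the room's actual source.

// Vulnerable: user input is concatenated straight into a double-quoted attribute.
function renderImageUnsafe(userInput) {
  return '<img src="' + userInput + '" alt="Image not found">';
}

// Hardened: encode every character that can end the attribute value or start markup.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

function renderImageSafe(userInput) {
  return '<img src="' + escapeAttr(userInput) + '" alt="Image not found">';
}

// Minimal attribute lister for the single tag built above (double-quoted values
// only). It shows which attributes an HTML parser would end up with.
function listAttributes(tagHtml) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tagHtml)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Any on* attribute in the result was injected; the template itself has none.
function injectedHandlers(tagHtml) {
  return listAttributes(tagHtml).filter((name) => name.startsWith('on'));
}

// Payload taken from the walkthrough above.
const payload = "test\" onmouseover=\"document.body.style.backgroundColor='red'\"";

console.log(renderImageUnsafe(payload));
console.log(injectedHandlers(renderImageUnsafe(payload))); // [ 'onmouseover' ]
console.log(renderImageSafe(payload));
console.log(injectedHandlers(renderImageSafe(payload)));   // []
```

In browser code, creating the element and assigning the value with img.setAttribute('src', value) avoids building HTML from strings at all, so the input is never parsed as markup.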

Using XSS for IP and Port Scanning

XSS Keylogger

Filter Evasion

Let's do the first challenge.

Let's do challenge 2.

0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"

Let's do challenge 3.

Challenge 4

<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>

Protection Methods and Other Exploits
