Cross-site scripting (XSS)

Lets us execute JavaScript in a victim's browser.

Three main types of XSS:

  1. Reflected
    1. The script you are trying to inject comes from the HTTP request: you send a request, you get a response, and the script is included in that response.
    2. You can only target yourself, unless the payload is carried in the URI and you get the user to click the link.
  2. Stored
    1. The payload is stored in the database and retrieved later.
      1. This allows you to attack other users.
  3. DOM-based
    1. The client-side JavaScript uses untrusted input unsafely; the vulnerability is in the browser-side code rather than on the server.
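As an added example, not taken from these notes: the same untrusted search term passed through a vulnerable sink and a safe one, for the reflected (server-side) and DOM-based (client-side) cases above. It runs in plain Node.js, so the DOM element is a plain object standing in for a real one, and the function names are my own.

```javascript
// Added example (not part of the original notes): one untrusted search term,
// handled by a vulnerable sink and by a safe sink, for the reflected and
// DOM-based cases. Runs in plain Node.js; the DOM element is a fake object.

// Constructed sample input: the kind of probe payload the notes suggest.
const UNTRUSTED = '<script>print()</script>';

// Reflected case, server side. Vulnerable: the query is concatenated straight
// into the HTML response, so any markup in it is parsed by the browser.
function renderVulnerable(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Fixed: the same page, with the query output-encoded for its HTML context.
function renderSafe(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// DOM-based case, client side. Vulnerable: innerHTML parses the input as markup.
function showResultsVulnerable(element, query) {
  element.innerHTML = 'Results for: ' + query;
}

// Fixed: textContent treats the input as text, never as markup.
function showResultsSafe(element, query) {
  element.textContent = 'Results for: ' + query;
}

// Check used when reviewing a response: is the payload echoed back unchanged?
function echoesUnescaped(html, payload) {
  return html.includes(payload);
}
```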

Advice when testing for XSS:

alert(1)

is the most popular but it isn’t the best to use. Instead:

print()

which brings up the print pop-up

or

prompt("hello")

which shows a prompt dialog with the message hello and asks the user to type something

Interesting things we can do with XSS:

// Logs the key of every keydown event in the page to the console
function logKey(event){ console.log(event.key) }
document.addEventListener('keydown', logKey)
Examples walkthrough