Part 2: XSS Code Analysis and Exploitation

July 24, 2016 | Views: 5603


Hello Cybrarians, once again,

In this article, we continue our code analysis and exploitation of XSS from Part 1. If you haven’t already read it, please do.

Let’s begin…

Example 6:

[Screenshot: ex6]

As we see, the code is now completely different from the previous examples. In this one, the reflected value lands inside JavaScript, so the payload does not have to introduce a script context itself (no `<script>` tag, no `javascript:` scheme and so on). We also see no sanitization in place.

Our payload will look like:
";prompt('ex6');"

[Screenshot: ex62]


Example 7:

[Screenshot: ex7]

Here it starts getting a little more serious: HTML encoding is in place, so we cannot use double quotes (").

Our payload will look like:
';alert('ex7');'

[Screenshot: ex72]
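Examples 6 and 7 turn on the same defensive point: HTML-entity encoding is the wrong protection for a value that the page writes into a JavaScript string, because the characters that matter in that context (the quote the template uses, backslashes, `</script>`) are not all HTML-significant, and PHP's default `htmlspecialchars()` leaves the single quote alone. The block below is an added example, my code rather than anything from the original post or the challenge site; it assumes the challenge page emits `var a = '<value>';`, models the PHP encoder in JavaScript so it runs offline, and checks both encoders against the two payloads quoted above.

```javascript
// Added example (not from the original post): why the HTML encoding in Examples 6 and 7
// does not protect a value written into a JavaScript string, and what context-aware
// escaping looks like. Assumption: the challenge page emits   var a = '<value>';

// Mimics PHP htmlspecialchars() with default flags: & < > " are encoded, ' is not.
function htmlEncodeDefault(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Context-aware escaping for a JS string literal: JSON.stringify escapes quotes,
// backslashes and control characters; the extra replacements keep "</script>" and
// the line terminators U+2028/U+2029 from breaking out of the <script> block.
function jsStringLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Two ways the server might build the script line; q is the quote the template uses.
function emitHtmlEncoded(value, q = "'") { return 'var a = ' + q + htmlEncodeDefault(value) + q + ';'; }
function emitEscaped(value) { return 'var a = ' + jsStringLiteral(value) + ';'; }

// Scans the string literal opening at src[start], honouring backslash escapes, and
// returns the index of its closing quote (-1 if unterminated).
function literalEnd(src, start) {
  const q = src[start];
  for (let i = start + 1; i < src.length; i++) {
    if (src[i] === '\\') { i++; continue; }
    if (src[i] === q) return i;
  }
  return -1;
}

// True when the line is still a single assignment of one string literal, i.e. the
// user value never left the quotes; false means part of the value became code.
function valueStaysInLiteral(script) {
  const start = script.indexOf('=') + 2;           // index of the opening quote
  const end = literalEnd(script, start);
  return end !== -1 && end === script.length - 2;  // closing quote sits right before ';'
}

// Payloads quoted in the post, reused here purely as test inputs.
const EX6 = '";prompt(\'ex6\');"';
const EX7 = "';alert('ex7');'";
```

With the single-quoted template, `htmlEncodeDefault` lets the Example 7 value leave the literal while `jsStringLiteral` keeps it inside; with a double-quoted template the entity encoding happens to hold (the `"` becomes `&quot;`), which is exactly why Example 7 switches to single quotes. Detection-wise, the check to ship is the same one `valueStaysInLiteral` performs: the emitted script must still parse as one literal, whatever encoder produced it.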


Example 8:

[Screenshot: ex8]

The HTML encoding is still in place, but the application also reflects the php_self value, which is taken straight from the user-supplied request path and lets us execute our code. First, though, we must close the attribute and tag that are already open.

Our payload will look like:
"><script>alert('ex8')</script>

[Screenshot: ex82]


Example 9:

[Screenshot: ex9]

Here we have DOM-based XSS: on every request, the page's own script reads the URL fragment with hash.substring, i.e. everything after the #, and writes it into the page.

Our payload will look like:
# <script>alert('ex9')</script>

[Screenshot: ex92]


That's it for now. Use the form below for questions and comments.

4 Comments
  1. Well done thanks

  2. Well appreciated.

  3. Thanks…
