By: Chilico
July 24, 2016

Part 2: XSS Code Analysis and Exploitation

Hello Cybrarians, once again,

In this article, we continue our code analysis and exploitation of XSS from Part 1. If you haven't already read it, please do.

Let's begin...

Example 6:

[Image: ex6]

As we see, our code is now completely different from the previous examples. In this one, our input lands inside JavaScript, so in our payload we don't have to specify the language using script tags (<script>, javascript:, etc.). We also see no sanitization in place.

Our payload will look like:

";prompt('ex6');"

[Image: ex62]

Example 7:

[Image: ex7]

So here, it starts getting a little bit more serious, as we see HTML encoding in place and we cannot use double quotes (" ").

Our payload will look like:

';alert('ex7');'

[Image: ex72]

Example 8:

[Image: ex8]

The HTML encoding is still in place, and the application also uses the PHP_SELF parameter, which trusts the user input and lets us execute our code. But we must first close the code that is already running.

Our payload will look like:

"><script>alert('ex8')</script>

[Image: ex82]

Example 9:

[Image: ex9]

Here, we have DOM-based XSS, and what actually happens is that every request reads the part of the URL after the hash (#) using hash.substring.

Our payload will look like:

# <script>alert('ex9')</script>

[Image: ex92]
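Examples 6 and 7 both place input inside a JavaScript string literal, where HTML encoding alone does not stop the literal from being closed. The following is an added example, not code from the original article: it audits an encoder against that sink and shows an encoder built for it. All function names are hypothetical, and the single-quote-preserving HTML encoder is an assumed model of the Example 7 filter.

```javascript
// Added example; every function name below is hypothetical.

// HTML encoder that leaves single quotes alone (assumed model of Example 7's filter).
function htmlEncodeKeepSingleQuote(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
  return s.replace(/[&<>"]/g, c => map[c]);
}

// Encoder for a JavaScript string literal: every character except ASCII
// letters and digits becomes \uXXXX, so no quote, backslash, line break
// or "</script" reaches the page verbatim.
function jsStringEncode(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    const esc = '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
    out += /[A-Za-z0-9]/.test(ch) ? ch : esc;
  }
  return out;
}

// True when `encoded`, written between `quote` characters inside a <script>
// block, would end the literal somewhere other than the template's own quote.
function breaksOutOfJsString(encoded, quote) {
  if (/<\/script/i.test(encoded)) return true;      // HTML parser closes the block first
  for (let i = 0; i < encoded.length; i++) {
    const ch = encoded[i];
    if (ch === '\\') {
      if (i === encoded.length - 1) return true;    // trailing backslash escapes the closing quote
      i++;                                          // skip the escaped character
      continue;
    }
    if (ch === quote || ch === '\n' || ch === '\r') return true;
  }
  return false;
}

// Inputs that still break out after `encoder` has run.
function audit(encoder, quote, inputs) {
  return inputs.filter(v => breaksOutOfJsString(encoder(v), quote));
}

// Constructed inputs, plus the string quoted in Example 7.
const samples = ['hacker', 'a"b', "a'b", 'a</script>b', 'a\\', "';alert('ex7');'"];
const identity = s => s;                            // Example 6: no sanitization

console.log(audit(identity, '"', samples));
console.log(audit(htmlEncodeKeepSingleQuote, "'", samples));
console.log(audit(jsStringEncode, "'", samples));
```

An empty list from `audit` means none of the sample inputs can terminate the literal; only the JavaScript-string encoder achieves that for both quote styles.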
That's it for now. Use the form below for questions and comments.