Part 2: XSS Code Analysis and Exploitation

By: Chilico

July 24, 2016

Hello Cybrarians, once again. In this article, we continue our code analysis and exploitation of XSS from Part 1. If you haven't already read it, please do.

Let's begin...

Example 6:

As we see, our code is now completely different from the previous examples. In this one, our input lands inside JavaScript, so in our payload we don't have to specify the language using script tags (<script>, javascript:, etc.). We also see no sanitization in place.

Our payload will look like:

";prompt('ex6');"

Example 7:

Here it starts getting a little more serious: we see HTML encoding in place, so we cannot use double quotes (").

Our payload will look like:

';alert('ex7');'

Example 8:

The HTML encoding is still in place, and the application also uses the php_self parameter, which trusts the user input and lets us execute our code. But we must first close the tag that is already open.

Our payload will look like:

"><script>alert('ex8')</script>

Example 9:

Here we have DOM-based XSS. What actually happens is that every request reads the URL hash via hash.substring (the part after #).

Our payload will look like:

# <script>alert('ex9')</script>
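An added example (not from the original post or the lab it describes) that checks the lesson behind Examples 6 and 7 from the defender's side: HTML-entity encoding does not contain a value written into an inline JavaScript string literal, while a context-aware JS-string encoder does. The encoder and checker names, and the probe strings, are my own constructions.

```javascript
// Added example (not from the original post): models the defence seen in
// Examples 6 and 7 and shows why HTML-entity encoding cannot protect a value
// written into an inline JavaScript string literal. Inputs are constructed.

// PHP's default htmlentities(): & < > " are encoded, ' is left alone
// (ENT_QUOTES not set). That gap is what the single-quote payload in Example 7 uses.
function htmlEncodeDefault(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
  return s.replace(/[&<>"]/g, c => map[c]);
}

// Context-aware encoder for a JS string literal: every character outside
// [A-Za-z0-9] becomes \xHH or \uHHHH, so the value can never close the
// literal, start its own escape, or spell out "</script>".
function jsStringEncode(s) {
  return s.replace(/[^A-Za-z0-9]/g, c => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// The template the vulnerable pages use: <script>var name = '<value>';</script>
function renderInlineScript(value, encoder, quote = "'") {
  return `var name = ${quote}${encoder(value)}${quote};`;
}

// Static check on the encoded value: true if anything raw remains that can end
// the literal (the delimiting quote, a line terminator, a backslash that is not
// one of the encoder's own \xHH / \uHHHH escapes) or the script element ("</").
function canBreakLiteral(encoded, quote = "'") {
  const breakers = new RegExp(
    `[${quote}\\n\\r\\u2028\\u2029]|<\\/|\\\\(?!x[0-9a-f]{2}|u[0-9a-f]{4})`, 'i');
  return breakers.test(encoded);
}

// Round-trip: the JS parser reads the encoded literal back as the original value,
// so the safe encoder is also lossless (Function runs only our encoder's output).
function decodesBack(value) {
  return new Function(`return '${jsStringEncode(value)}';`)() === value;
}

// Constructed probes in the shape of the Example 7 and Example 6 payloads.
const singleQuoteProbe = "';alert('ex7');'";
const doubleQuoteProbe = '";prompt(\'ex6\');"';

console.log(renderInlineScript(singleQuoteProbe, htmlEncodeDefault));  // breaks out
console.log(renderInlineScript(singleQuoteProbe, jsStringEncode));     // contained
```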
That's all for now. Use the form below for questions and comments.