By: Chilico
July 18, 2016

Part 1: XSS Exploitation and Code Analysis

Today, I'll solve the XSS challenges from the "Web For Pentesters" vulnerable app and analyze the code behind what we see. Let's start...

Example 1:

[Image: ex1]

What does the code above do? It reads the GET parameter "name" and echoes it back to the user. There is no input sanitization in this example, so our XSS payload will look like this:

    <script> alert('1st example')</script>

[Image: ex_1]

Example 2:

[Image: ex2]

In this example, the code does exactly the same thing as the first one. The only difference is the sanitization: the text defined inside the brackets is what gets replaced in the input. The match is case-sensitive, so our payload will look like this:

    <ScripT>alert('ex2')</ScripT>

[Image: ex22]

Example 3:

[Image: ex3]

The above code does exactly what the second one does, except that the developer also sanitizes the capital letters. The replacement runs only once, so the text that remains after the inner tag is removed is not checked again. Our payload will look like this:

    <sc<script>ript>alert('ex3')</sc</script>ript>

[Image: ex33]

Example 4:

[Image: ex4]

This code is completely different from the rest. Any use of the word script, capitalized or not, will kill the application, so our payload must not contain the word script. Our payload will look like this:

    <h1><font color=blue>ex4</h1>

[Image: ex44]

    <img src=" " onerror=alert('ex4')/>

[Image: ex4_2]
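The four filters can be compared side by side with output encoding, the fix that holds in all four cases. The following is an added example, not the application's source and not the author's code: it assumes the app is PHP and models each filter from the descriptions above, and every function name in it is hypothetical.

```php
<?php
// Added illustration: models of the filters as the post describes them,
// not the application's own source. All function names are hypothetical.

function filter_ex1(string $name): string {      // Example 1: no sanitization
    return $name;
}

function filter_ex2(string $name): string {      // Example 2: case-sensitive strip
    $name = preg_replace('/<script>/', '', $name);
    return preg_replace('/<\/script>/', '', $name);
}

function filter_ex3(string $name): string {      // Example 3: adds case-insensitivity
    $name = preg_replace('/<script>/i', '', $name);
    return preg_replace('/<\/script>/i', '', $name);
}

function filter_ex4(string $name): ?string {     // Example 4: reject on "script"
    return preg_match('/script/i', $name) ? null : $name;
}

// Mitigation: encode for the HTML context at output time instead of
// trying to enumerate dangerous input.
function encode_for_html(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inputs are the payloads already shown in the post.
$cases = [
    ['filter_ex1', "<script> alert('1st example')</script>"],
    ['filter_ex2', "<ScripT>alert('ex2')</ScripT>"],
    ['filter_ex3', "<sc<script>ript>alert('ex3')</sc</script>ript>"],
    ['filter_ex4', "<h1><font color=blue>ex4</h1>"],
    ['filter_ex4', "<img src=\" \" onerror=alert('ex4')/>"],
];

foreach ($cases as [$filter, $payload]) {
    $filtered = $filter($payload);
    if ($filtered === null) {
        echo "$filter: rejected\n";
        continue;
    }
    // Markup survives the filter if a raw '<' is still present.
    $survives = strpos($filtered, '<') !== false ? 'yes' : 'no';
    $encoded  = encode_for_html($filtered);
    $inert    = strpos($encoded, '<') === false ? 'yes' : 'no';
    echo "$filter: markup survives filter=$survives, inert after encoding=$inert\n";
    echo "  encoded: $encoded\n";
}
```

Each input leaves its filter with markup intact, while the encoded form contains no raw `<` and is rendered as text rather than parsed as HTML.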
That's it for now. Stay tuned for more posts in the future...