
Blind XSS


Last updated 2 years ago

Blind XSS is similar to Stored XSS: in both cases the payload is stored in the database and triggered when the stored content is viewed (a blog comment, for example). The difference is that with Blind XSS you cannot see the payload executing, and you cannot test it against yourself first, because the page where it fires is one you have no access to.

Example Scenario

Assume a website has a contact form through which you can message a member of staff. The message content is not checked for malicious code, so an attacker can enter anything they wish. These messages are then turned into support tickets which staff view on a private web portal.

With the correct payload, the attacker's JavaScript could make calls back to an attacker-controlled website, revealing the staff portal URL, the staff member's cookies, and even the contents of the portal page being viewed. The attacker could then potentially hijack the staff member's session and gain access to the private portal.
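The scenario above, worked as an added example (not code from the original page): a staff-portal ticket renderer in the vulnerable form the scenario describes beside a hardened one, a triage check for stored ticket bodies, and the response headers that limit what an injected script could do. The sample tickets, the placeholder domain and the function names are assumptions for this example.

```python
import html
import re

# Constructed sample tickets for this example (not from the original page).
# Ticket 102 carries a script tag pointing at a placeholder domain, the kind
# of payload the scenario above describes.
SAMPLE_TICKETS = [
    {"id": 101, "sender": "alice@example.com",
     "body": "My invoice total is wrong, please check order 4471."},
    {"id": 102, "sender": "mallory@example.com",
     "body": 'Hello <script src="https://attacker.invalid/x.js"></script> thanks'},
]

# Coarse triage patterns for flagging stored tickets that deserve review.
# This is a detection aid for stored data, not an input filter; the output
# encoding below is what actually prevents execution.
SUSPICIOUS = re.compile(r"<\s*script|<\s*img|on\w+\s*=|javascript:", re.IGNORECASE)

def render_ticket_vulnerable(ticket):
    """How the scenario's portal behaves: the body is concatenated into the
    page unchanged, so markup typed by the sender becomes live markup in
    the staff member's browser (the 'before' case)."""
    return f"<div class='ticket'><b>{ticket['sender']}</b><p>{ticket['body']}</p></div>"

def render_ticket_safe(ticket):
    """Hardened rendering: every untrusted field is HTML-entity encoded for
    the element-content context before insertion, so '<', '>', '&' and
    quotes are displayed as text rather than parsed as tags or attributes."""
    sender = html.escape(ticket["sender"], quote=True)
    body = html.escape(ticket["body"], quote=True)
    return f"<div class='ticket'><b>{sender}</b><p>{body}</p></div>"

def flag_suspicious_ticket(body):
    """True when a stored ticket body matches a triage pattern."""
    return SUSPICIOUS.search(body) is not None

def portal_security_headers():
    """Defence-in-depth headers for the staff portal. A CSP without
    'unsafe-inline' and with only 'self' in script-src blocks injected
    inline and remote scripts if encoding is ever missed; HttpOnly keeps
    the session cookie out of document.cookie. Cookie value is a placeholder."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                                   "object-src 'none'; base-uri 'none'",
        "Set-Cookie": "session=<PLACEHOLDER>; HttpOnly; Secure; SameSite=Lax",
    }

if __name__ == "__main__":
    for t in SAMPLE_TICKETS:
        print(t["id"], "flagged" if flag_suspicious_ticket(t["body"]) else "clean")
        print(render_ticket_safe(t))
```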

How to test for Blind XSS

  • When testing for Blind XSS vulnerabilities, you need to ensure your payload calls back to a server you control. This way you know if and when your code is being executed.

A popular tool for Blind XSS attacks is xsshunter.