Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page
  • Temporary XSS 2
  • See if you can bypass protective filters and generate alert pop up.
  • See if you can use the input field to cause harm to the user of this website
  • See if you can use your knowledge of JavaScript to cause harm to the user of this website.
  • See if you can execute javascript and generate alert pop up in the 'Products' page.
  1. Fundamentals of Cross Site Scripting (XSS)

Temporary XSS

PreviousFundamentals of Cross Site Scripting (XSS)NextUnderstanding Forced Browsing and Session-Cookie Flaws

Last updated 1 year ago

Xss isnt always in a text field, it can directly be in the URL

xss<img src="" onerror=alert(0)>

Exploitation doesn’t need <script> tags, js can be executed with js events too like onclick, onload, onmouseover etc

<img src="" onerror=alert(0)>

<svg onload=alert(0)>

Temporary XSS 2

inject HTML/JS and generate 'xssed' alert pop up.

As our data is going inside the attribute of the input tag :

<input value="HERE">

What every you type will become the value of the Button and not execute.

But, if you break using this tag : “> YOUR MALICIOUS CODE and inject your own code after:

<input value=""> <script>alert("xssed")</script>">

You notice how input tag is closed and you successfully inject a script tag which will work

See if you can bypass protective filters and generate alert pop up.

Tags are blocked but as out data is going inside an input tag:

  <iframe src="[HERE]">

Just like sqli we can chose the already existing " and add our own html to the input tag

If we enter the payload abcd" onload="alert('xssed') this is how it would appear

<iframe src="abcd" onload="alert('xssed')">

This makes the value abcd and the moment iframe loads, you will get the popup

See if you can use the input field to cause harm to the user of this website

As our input is simply appended into the <h1> tags, we can pass our own html in the user_name parameter and that HTML/JS will get appended to the output.

http://url/hello.php?user_name=<a>hacked</a>

http://url/hello.php?user_name=<iframe src=”hacker.com”></iframe>

See if you can use your knowledge of JavaScript to cause harm to the user of this website.

Xss isnt always in a text field, it can directly be in the URL

Exploitation doesn’t need <script> tags, js can be executed with js events too like onclick, onload, onmouseover etc

<img src="" onerror=alert(0)>

<svg onload=alert(0)>

See if you can execute javascript and generate alert pop up in the 'Products' page.

Step 1: Go to the hacking challenge (The URL will be different for each user). http://13.232.74.70/Cross-Site-Scripting/Permanent-XSS-Variant-3/ Step 2: Click on 'Login as A Seller' button. Step 3:Enter the payload "> in 'Seller Address' input field Step 4: Click on save changes. Step 5: Now click on ‘Show Products’ button to view the XSS Pop up. Now anybody who browses the products will be affected by the payload hence ‘Seller Address’ field is vulnerable to permanent XSS.