Before to starting, we’ll setup a virtual pentesting lab with the help of Web For Pentester toolkit which is totally based on Debian OS. As you all knows most of the web applications rely on only 3 components i.e. The Client, The Web Server and The Database. We hope you all knows a client-server architecture modal in which we use HTTP protocol. When your browser connects any URL, it’s in fact doing a TCP connection to PORT 80 of the IP address corresponding to that URL.
Today we’ll only discuss about the Cross Site Scripting (XSS). The easiest and most common proof that a XSS vulnerability exists is to get an alert box to pop up. The impact of XSS vulnerability is always high because you can perform so many functions with this attack like you can trigger your own Javascript into user’s browser, you can steal the cookies from user’s browser etc.
To Trigger a popup, we simply use alert(1);
To setup a pentesting lab, you need to download the ISO file of Web For Pentesters from the below link:
Download Link ISO – https://pentesterlab.com/exercises/web_for_pentester/iso
We’ll use VMware in this case to setup and configure this iso file. Create a new virtual machine and select “Typical” option which is the default recommended option.
After that, you need to browse the path of your ISO file which you just downloaded from above link as shown below:
Here you can put any name of your virtual machine for this ISO.
You can also define the disk size while configuring with VMware. 9 to 10GB disk size is enough for this Debian based OS.
You can also define the Memory size, suppose we allotted 1GB RAM for this ISO.
Your virtual pentesting lab is now ready to use, just type “ifconfig” and note down your IP and access that IP in your browser, you’ll get the following screen as shown below:
Cross site scripting attacks occur when data enters a web application through an untrusted source, frequently a web request or data is included in dynamic content that is sent to a web user without being validated.
Cross Site Scripting – Example 1
In below example, name parameter is vulnerable because its not being verified what kind of data is being sent.
Cross Site Scripting – Example 2
In this example, the web page is using some rendering technique which removes the script tag from the payload, so to defeat filtering, we modified the payload with some capital letters as shown below:
Cross Site Scripting – Example 3
In this example, to bypass filtering, we have to wrap the XSS payload as shown below:
Cross Site Scripting – Example 4
In this example, all script tags are being striped out no matter how you write, so we used a simple <img> tag to trigger the XSS.
Cross Site Scripting – Example 5
In this example, the word “alert” halts the execution of web app so modified our payload with Char Code technique, in which we converted all decimal characters into ASCII allowing us to bypass the preg_match function which they used.
For string char code conversion, you can use this link.
Cross Site Scripting – Example 6
Here they used some advanced level of filtering, so to bypass this, we simply modified the payload as shown below:
Cross Site Scripting – Example 7
Here we used a single quote character instead of double quote to bypass the XSS filters.
Cross Site Scripting – Example 8
This example uses PHP_SELF function which allows us to insert malicious javascript by closing off their code and executing out own.
Cross Site Scripting – Example 9
This example is related to DOM based XSS where javascript is looking for the achor # to write the URL inside the page, so to bypass this the payload will something like this way
Here you can also get all the payloads in text version.
You may also like:- Most Common DNS Record Types and Their Roles
- Top Skills Needed to Become a Cybersecurity Analyst
- Mastering Windows Management with WMIC Commands – Top 20 Examples
- Edit and Compile Code with the Best 5 Code Editors
- 50+ Top DevSecOps Tools You Need To Know
- Learn How to Add Proxy and Multiple Accounts in MoreLogin
- Some Useful PowerShell Cmdlets
- Create Free SSL Certificate – ZEROSSL.COM [2020 Tutorial]
- Generate Self-Signed SSL Certificate with OPENSSL in Kali Linux
- RDP – CredSSP Encryption Oracle Remediation Solution 2020
What about example 10?