Basic ways to perform XSS Attacks

XSS-Attack-01

Overview:

Cross-site scripting attacks, often abbreviated as XSS, are a type of attack in which malicious scripts are injected into websites and web applications and run in an end user's browser. It is a very common and widespread attack because it can be exploited in widely used platforms. In an XSS attack, the web application or website becomes the vector that delivers the malicious script to the browsers of many victims.

XSS attacks can exploit vulnerabilities in several software environments, including VBScript, Flash, ActiveX, and JavaScript; XSS attacks most often use JavaScript due to the integrated nature of JavaScript in most browsers.

Some ways to perform an XSS attack:

1.) This is the most basic case: the site accepts your <script> tag as it is. Always start from the basics and then move on.

  • URL: (screenshot)

In the screenshot, the vulnerable page takes my name from a URL parameter and reflects it back. Open the page source and look at how the value is shown to the user.

The page reflects the name unchanged, so let us try entering the name as <script>varun</script>.


Nothing stops a user from submitting JavaScript, so you can put other functions in place of varun. For bug reports, an alert() call is the usual way to show that your script actually executed.

Example: in the name field write: <script> alert(1) </script>

2.) In the first case our <script> tag went through untouched, but here it does not:


As you can see, the developer removed our <script> tag. Such a filter is often case-sensitive, so try writing the tag with a mix of upper- and lower-case characters.

Example 1: <ScrIpt>alert(1)</ScripT>

Example 2: <ScripT>alert(1)</script>

Now the filter no longer matches our tag, and the script tag goes through.

3.) In the second case the developer may have run a filter over our input only once: it scans for something bad, here a <script> tag, and removes it, but does so in a single pass rather than repeatedly until nothing is left.

Example:

Hello<script>I am </script>Varun → Hello I am Varun

That is the output after a single pass of the filter. So we can check whether the developer forgot to apply the filter repeatedly. For that, we write our payload this time as:

<scr<script>ipt>alert(1)</scr</script>ipt>

After the first (and only) pass, the resulting input becomes:

<script>alert(1)</script>

So it works. I will post more ways in coming blogs.
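To show why the three filters above fail and what stops all of them, here is an added JavaScript (Node) example; it is not code from the original post. It models a page that splices a name straight into HTML, runs each of the filter styles described in points 1 to 3 over the post's own payloads (constructed inputs), and compares them with the standard mitigation, HTML output encoding. All function names are my own.

```javascript
// Added example, not code from the post. Models the naive filters described in the
// post and the output-encoding alternative, then checks which inputs still produce
// an executable <script> tag in the rendered page. Run with: node xss_filters.js

// Point 1: no filtering at all.
function noFilter(input) {
  return input;
}

// Point 2: strips the literal lower-case tags, case-sensitively, first occurrence only.
function stripScriptCaseSensitive(input) {
  return input.replace('<script>', '').replace('</script>', '');
}

// Point 3: case-insensitive and removes every occurrence, but in a single pass,
// so tags assembled from the pieces left behind are never seen.
function stripScriptSinglePass(input) {
  return input.replace(/<script>/gi, '').replace(/<\/script>/gi, '');
}

// A "recursive" version of the point-3 filter: repeat until the input stops changing.
function stripScriptFixedPoint(input) {
  let previous;
  let current = input;
  do {
    previous = current;
    current = stripScriptSinglePass(current);
  } while (current !== previous);
  return current;
}

// Recommended mitigation: do not strip, encode. The reflected value is HTML-escaped so
// the browser renders it as text and never parses any part of it as a tag.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Simplified check for the demonstration: does the rendered HTML contain an opening
// <script ...> tag in any letter case?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The post's three payloads (constructed inputs for the demo).
const PAYLOADS = {
  plain: '<script>alert(1)</script>',
  mixedCase: '<ScrIpt>alert(1)</ScripT>',
  nested: '<scr<script>ipt>alert(1)</scr</script>ipt>',
};

// Renders the greeting the way the vulnerable page does: the (filtered) value is
// spliced directly into the HTML.
function renderGreeting(name, filter) {
  return `<p>Hello ${filter(name)}</p>`;
}

// Returns { filterName: { payloadName: true if a script tag survives } }.
function evaluateFilters() {
  const filters = {
    noFilter,
    stripScriptCaseSensitive,
    stripScriptSinglePass,
    stripScriptFixedPoint,
    escapeHtml,
  };
  const results = {};
  for (const [filterName, filter] of Object.entries(filters)) {
    results[filterName] = {};
    for (const [payloadName, payload] of Object.entries(PAYLOADS)) {
      results[filterName][payloadName] = containsScriptTag(renderGreeting(payload, filter));
    }
  }
  return results;
}

// Prints a table with one row per filter; "true" means the payload got through.
console.table(evaluateFilters());
```

The table shows the progression in the post: the case-sensitive filter stops only the plain payload, the single-pass filter also stops the mixed-case one but still lets the nested payload through, and only the fixed-point loop or output encoding stops all three. Encoding is the approach to prefer, because it does not depend on enumerating every tag the filter must recognise.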

Varun Singhai
varun01singhai01@gmail.com
