🖊️ Author: Nairuz Abulhul
🌐 Blog: R3dbuck3t
Cross-Site Scripting (XSS)
Exploitability: Easy, Prevalence: Widespread, Detectability: Easy, Technical Impact: Moderate
Reflected
Stored/Persistent
DOM
<aside>
📄 The document object model is the page in the browser. The DOM includes anything running inside the browser.
- The most typical case is this: your application responds with code. I didn't inject that code; it is code your application itself uses. This is very common in modern applications, because they do so much work back and forth with client-side code.
- That code reads from what is called a sink (S-I-N-K), something that was already in the original application. The one we see most often is window.location or document.location: the code reads the value from the address bar.
- If the code then uses that value inside the page, that is a DOM-based XSS, because what I could do is actually type out…
📌 Note: 99% of the time, a DOM XSS that Burp detects is a false positive: it has misunderstood the code and doesn't know what is actually going on.
</aside>
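The pattern described above (client-side code reading a value from the address bar and writing it into the page), as an added example that is not part of the original notes: the vulnerable sink beside its hardened form. `fakeElement`, `nameFromUrl`, `greetUnsafe`, `greetSafe` and the sample URL are constructed for this example; in a browser the element would be a real DOM node and the URL would come from `document.location`.

```javascript
// Added example (not from the original notes). A DOM XSS sink fed from the
// URL, next to the hardened version. A tiny fake element mimics the browser
// so the difference is visible when run under Node.

// Escape the three characters a browser escapes when it serialises a text node.
function escapeHtml(s) {
  return s.replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' })[c]);
}

// Stand-in for a DOM element. Setting innerHTML stores raw markup (which a
// browser would parse); setting textContent stores escaped text, exactly
// what el.innerHTML reads back after el.textContent = ... in a real page.
function fakeElement() {
  let html = '';
  return {
    get innerHTML() { return html; },
    set innerHTML(v) { html = String(v); },
    set textContent(v) { html = escapeHtml(String(v)); },
  };
}

// Read a "name" value out of the URL fragment, the way client-side code often
// does with document.location.hash. The URL string stands in for the browser
// location object in this example.
function nameFromUrl(url) {
  const hash = new URL(url).hash;                // e.g. "#name=alice"
  const params = new URLSearchParams(hash.slice(1));
  return params.get('name') || 'guest';
}

// VULNERABLE: the address-bar value is written as HTML, so any markup in the
// fragment is parsed by the browser instead of shown as text.
function greetUnsafe(url, el) {
  el.innerHTML = 'Hello, ' + nameFromUrl(url);
  return el.innerHTML;
}

// HARDENED: the same value is written as text. The browser treats it as data,
// so the markup is displayed literally and never interpreted.
function greetSafe(url, el) {
  el.textContent = 'Hello, ' + nameFromUrl(url);
  return el.innerHTML;
}

// Constructed sample: the fragment carries markup instead of a plain name.
const SAMPLE_URL = 'https://example.test/profile#name=<b>bold</b>';
```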
Impact
- Steal session and impersonate user
- Remotely record user actions
- Remotely control user actions
Testing Checklist
- Identify injectable inputs, e.g. input fields, file names, comments, search functionality
- Attempt basic payloads first to test the application filter and protection controls.
- If the application uses some filtering mechanisms on the client or server sides, try XSS payload with different encodings.