Cross Site Scripting - Level 0 __Frozen Flame

alert(/noob/);

One of my mates is studying CSE. His friend made a website, and a few days ago I was asked to check it, purely as a vulnerability test. As you know, I am a newbie, but I found a Cross Site Scripting vulnerability in that website. So I thought I would write an article for level 0, that is, for beginners, so that newcomers can learn from it. I asked the owner of the website whether I could publish a write-up or blog post about it, and he permitted me, but for the safety of the website he forbade me to disclose any information related to it. I assured him I would not.

As this is beginner level, my first advice is: learn what a Cross Site Scripting attack is and why it is so harmful. There are lots of blogs that have already written about this, so there is no need to write it again. Once you have read them, or already know the basics, come back to this post.

Exploitation ::

Well, let's get started with XSS. Our domain looked like this,

testingxss.com

Testing for XSS ::

I found a search option, so I decided to search for something in that search bar and test for XSS. I entered this payload,

testingxss't"t\t/t<t>t=

As you can see, it is plain text with some special characters mixed in. If I search for this payload on the website, I can find out what gets filtered and whether any WAF is trying to prevent an XSS attack, because most of the commonly filtered characters are present in this one string. So the full query looks like this,

testingxss.com/search.php?query=testingxss't"t\t/t<t>t=

Is it getting sanitized or filtered?

I could see the payload reflected in the webpage. But that alone does not tell us whether a filter is present: the rendered page looks the same whether `<` was written into the HTML as-is or encoded as `&lt;`, so we have to look at the client-side source code. So I checked the source, and it wasn't filtering or encoding at all.

Attack ::

Well, that means we can do a (reflected) XSS attack on this site pretty easily. So I ran the most common payload there,

<script>alert(1)</script>

So our URL looked like this.

testingxss.com/search.php?query=<script>alert(1)</script>

And when I returned from view-source to the webpage: boom. Yes, it happened.
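To make the two steps above concrete, here is an added example (my own illustration, not the tested site's code, whose search.php I never saw) that does in code what the post did by hand: a hypothetical search handler that reflects the `query` parameter unencoded, the same handler with output encoding applied, and a check that tells you from the page source whether the probe string came back raw or encoded. `html.escape` plays the role that `htmlspecialchars` would play in a PHP page; the URL, page template and search terms are constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The probe string from the post: one of each character a filter or
# encoder would have to touch ( ' " \ / < > = ).
PROBE = "testingxss't\"t\\t/t<t>t="

# Hypothetical page template standing in for search.php (constructed).
PAGE = "<html><body><h1>Results for: {q}</h1></body></html>"


def _query_param(url):
    """Extract the 'query' parameter the way a server would receive it."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def vulnerable_search(url):
    """The bug: the user-controlled value is placed straight into HTML."""
    return PAGE.format(q=_query_param(url))


def hardened_search(url):
    """The fix: HTML-encode the value before it lands in the page body.

    quote=True also encodes ' and " so the same value is safe inside
    an attribute, not only in text content.
    """
    return PAGE.format(q=html.escape(_query_param(url), quote=True))


def classify_reflection(body, probe=PROBE):
    """Report how the probe reached the page source.

    'raw'     -> special characters are reflected untouched (what the
                 post found in view-source: reflected XSS is possible)
    'encoded' -> the page encodes output; the browser shows the same
                 text, which is why view-source is needed to tell
    'absent'  -> the probe is not reflected at all
    """
    if probe in body:
        return "raw"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    return "absent"


if __name__ == "__main__":
    url = "http://testingxss.com/search.php?query=" + PROBE
    print("vulnerable:", classify_reflection(vulnerable_search(url)))
    print("hardened:  ", classify_reflection(hardened_search(url)))
```

Running it prints `raw` for the vulnerable handler and `encoded` for the hardened one; the difference is invisible in the rendered page and only shows in the source, which is exactly the check the post describes. Encoding at the point of output is the fix a WAF cannot replace, because a WAF only guesses at payloads while encoding makes every reflected value inert.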

We successfully did a Cross Site Scripting attack on a live website. That's all for today. New tutorials will be coming soon. Share this tutorial so that others can learn too. 💡

Happy Hacking.💓