Cross Site Scripting - Level 04 | Frozen Flame

Hey, I am in the URL !!

Hello thirsty learners! Welcome back to another session on Cross Site Scripting attacks. I found an XSS lab on GitHub, so I thought, why shouldn't I try it? There were three basic challenges. In the 2nd challenge, I found something interesting, so I am going to share it with you guys. Let's start...

Well, I am sharing the code link, so you can practice while reading this blog. Go here. After the page loads, you will get an interface like this,

That means we are ready to go. Now scroll down, and you will see an interface like this one.


Now, click the #2 radio button and you will see an interface like this,

OK. You are ready to perform the 2nd XSS challenge. As we can see, whatever we give as input lands in the href value of an anchor tag, just like this,

In our previous blog, I explained how we can use event handlers for Cross Site Scripting attacks. If you have read that blog, you will naturally reach for this payload: " onclick="alert(1) . And if we click the link, the alert pops up. But wait a minute. What if you can't use any kind of event handler in your payload?

Store this in your mind ::

If you face this type of case, <a href="{{payload}}"> , the easiest way to perform an XSS attack is to use this payload: javascript:alert(1) . No quote breakout and no event handler is needed, because the whole value is already a URL and the browser treats a javascript: URL as code to run when the link is followed.

How does this work??

Actually, if you have an Android phone, open Chrome on Android (as I have no PC, I can't say how it behaves on a PC) and search for google.com. Then type this payload, javascript:alert(1) , into the address bar and you will see an alert dialog. The javascript: scheme instructs the browser to execute what follows the colon as JavaScript in the context of the current page, which is why the same string inside an href runs when the link is clicked.

Yup. We have done another successful session of cross site scripting. But in practice, you won't often find this vulnerability in such a plain form. So here are some similar scenarios for you.

Similar scenarios ::

Scenario 1 ::

When you try to submit your link, the application may insist that the URL starts with https:// or http:// ; otherwise it won't accept the URL. In this case, try a JavaScript event handler after the required prefix, like this,

http://" onmouseover="alert(1)
http://" onclick="alert(1)

And the same goes for https:// , and for attribute values wrapped in a single quote or a backtick instead of a double quote.

Scenario 2 ::

Sometimes your payload will land in the src attribute of an iframe tag, just like this,

<iframe src="here is your payload">

If you face this scenario, do the same thing with the same payload, and you will have another successful XSS attack through the iframe tag.
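Both parts of this post (the javascript: URL from the "Store this in your mind" section and the quote-breakout payloads of Scenario 1 and 2) come down to one rendering mistake: user input is written into an href or src attribute without a scheme check and without attribute escaping. As an added example that is not from the original post or the GitHub lab it links to, here is how a Node.js server-side template can render such a field safely. The WHATWG URL parser (the global URL class) normalises the input, stripping surrounding whitespace and embedded tab/newline characters and lower-casing the scheme, so a scheme allow-list catches obfuscated javascript: variants that a naive prefix check misses; attribute escaping then keeps any surviving quote inert, so `" onclick="…` stays inside the value. SITE_BASE, the function names and the sample inputs are assumptions of this example, not part of the lab.

```javascript
// Added example (not from the original post): safe rendering of user-controlled
// href / iframe src values in Node.js, no third-party packages needed.

// Hypothetical origin of our own site, used to resolve relative links. Assumption.
const SITE_BASE = "https://app.example/";

// Only these schemes may appear in a user-supplied href or iframe src.
// javascript:, data:, vbscript: and anything else are rejected.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return a normalised absolute URL string if the input is acceptable, else null.
// new URL() strips leading/trailing whitespace and embedded tab/newline, lower-cases
// the scheme, and percent-encodes characters such as '"' and ' ' in path, query and
// fragment, so comparing url.protocol against the allow-list is robust against
// variants like " JaVaScRiPt:alert(1)" or "java\nscript:alert(1)".
function validateHref(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) return null;
  let url;
  try {
    url = new URL(input, SITE_BASE); // relative paths resolve against our own origin
  } catch {
    return null; // unparsable input, e.g. a host that contains spaces or quotes
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Escape the characters that can end an HTML attribute value or start an entity.
// Covers double-quoted, single-quoted and unquoted attribute contexts, so a payload
// such as  " onclick="alert(1)  becomes plain text inside the attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render a link for untrusted input. Rejected URLs fall back to a harmless "#",
// and rel is fixed by the template so the user cannot add attributes of their own.
function renderAnchor(userInput, label) {
  const href = validateHref(userInput);
  const safeHref = href === null ? "#" : href;
  return `<a href="${escapeAttr(safeHref)}" rel="noopener noreferrer">${escapeAttr(label)}</a>`;
}

// Same idea for an iframe: validate the scheme, escape the attribute, and apply an
// empty sandbox so even an allowed origin cannot run script in our page context.
function renderIframe(userInput) {
  const src = validateHref(userInput);
  if (src === null) return ""; // emit no frame at all for rejected input
  return `<iframe src="${escapeAttr(src)}" sandbox=""></iframe>`;
}

// Constructed inputs, including the payload shapes quoted in the post.
const SAMPLES = [
  "https://example.com/docs",
  "/profile",
  "javascript:alert(1)",
  " JaVaScRiPt:alert(1)",
  "java\nscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
  'http://" onclick="alert(1)',
  'https://example.com/?q=" onmouseover="alert(1)',
];

function demo() {
  for (const s of SAMPLES) {
    console.log(JSON.stringify(s), "->", validateHref(s), renderAnchor(s, "link"));
  }
}

demo();
```

Two details worth noticing when you run it: the parser already percent-encodes the `"` and space in `https://example.com/?q=" onmouseover="alert(1)` to `%22` and `%20`, so the breakout never reaches the attribute, while `http://" onclick="alert(1)` fails host parsing outright because a hostname may not contain spaces. Attribute escaping is still not optional, because a single quote survives in a URL path and would break out of a single-quoted attribute, and because an unescaped `&` would let the browser decode entities inside the value.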

Well, that's it for today. Maybe I'll see you in another blog with another write-up. Till then,
Happy Hacking. 💓