Cross Site Scripting - Level 06 __ Frozen Flame

If-else ;

Hello thirsty learners. Welcome back again in another tutorial of Cross Site Scripting Attack. In this tutorial we will be talking about, " JavaScript context " and if-else. So, let's start....

I searched for my payload in the search bar of a particular web application. And, it was reflecting my payload without proper filtration. So, I tried to do some XSS there. But, the context was " JavaScript " and from the previous lesson , we have understood a thing that, we can't put HTML payloads in the JavaScript context. And, from this tutorial we have learned about " break and correct ". Well, here, we are going to apply both of them. 

Exploitation ::

When i searched for my payload in a particular parameter. So, i got something like this, 

Well, so I am confirmed that, it is JavaScript context. But, it's in the logical section. So, I tried to end the value first and then the logic of if-else. 

After this, i have to end the line with a semicolon ( ; ). As, it will say the JavaScript that, the line has ended. Go to the next line. And pur payload will be after that. Like this,

But, if I leave it like this, it won't never complete the XSS attack. As the logic won't end. So, we have to close the last logic also. 

If we do it properly, we will be able to perform an successful attack. And, boom. 

So, may be in another tutorial. Till then,

Happy hacking. 💥