Blind

Blind Cross-Site Scripting (XSS) is a stored XSS attack in which the attacker cannot see the page where the payload renders. In an ordinary Stored XSS attack the malicious script is saved by the web server and executed in the browser of every user who loads the affected page, and the attacker can usually confirm the impact themselves, either by loading that page and observing the change or by receiving data sent by the script.

In contrast, with Blind XSS:

  1. Invisibility of Payload Execution: The defining trait of Blind XSS is that the attacker has no direct way to observe whether the payload ran. The input is stored and later rendered somewhere the attacker cannot reach, such as an administrative dashboard, a moderation queue, a log viewer or an internal ticketing tool, sometimes in a different application from the one that accepted the input.

  2. Entry Points: The entry points for Blind XSS are similar to those of Stored XSS. This includes any point where user input is taken and stored, such as:

    • Comment sections

    • Feedback forms

    • User profiles

    • Support ticket systems

    • Any form input that might be viewed later by another user, especially administrative users

  3. Use of Callbacks: Because execution cannot be observed directly, the payload must carry a callback mechanism, an out-of-band request to a host the attacker controls, so the attacker learns when and if it ran. The callback typically involves:

    • Embedding a URL (usually pointing to a server controlled by the attacker) in the script.

    • When the malicious script executes, it sends a request to the specified URL.

    • The attacker monitors this server for incoming requests, which act as a confirmation that the payload executed.

    • Information about where, when and in what context the payload executed (page URL, origin, document title, cookies not marked HttpOnly, a snippet of the DOM) can also be transmitted to the attacker via parameters in the request; the Referer header of the callback request itself often reveals at least the origin of the page that fired it.

  4. Challenges and Considerations: Blind XSS is harder to execute and requires patience. Since the attacker does not know when or if the payload will be triggered, they must wait and monitor the callback endpoint, which must be reachable from the victim's browser (internal admin hosts may have no outbound Internet access, and a Content Security Policy can block the request). The payload must also survive storage and rendering unmodified; the page that displays the input may encode, truncate or sanitise it differently from the form that accepted it. Blind XSS can also be more dangerous than ordinary stored XSS, because the payload may be executed by users with higher privileges, such as administrators, potentially granting more significant access or more sensitive data.


Last updated 1 year ago