Report of XSS
1. Reflected XSS
• When you type the payload <h1 onauxclick=confirm(document.domain)>RIGHT CLICK HERE into the
message box, it is reflected into the page without being validated or encoded.
• If you right-click on "RIGHT CLICK HERE", the onauxclick handler runs and shows a popup
containing the website's domain.
• An attacker could change this code to do harmful things, such as stealing your
information or redirecting you to a malicious site.
2. Reflected XSS in glassdoor.com
• There is a reflected XSS vulnerability on the Glassdoor website through the
utm_source parameter.
• The parameter does not validate or sanitize URL-encoded values properly.
• Using the payload abc`;return+false});});alert`xss`;</script> (URL-encoded in the
example below), a popup with "xss" is shown.
• The payload escapes the JavaScript context the parameter is reflected into and makes
the page run the injected script.
• This allows attackers to inject their own code, which can lead to harmful actions such as
stealing information.
Example:
• https://www.glassdoor.com/employers/sem-dual-lp/?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
• abc`: the leading text is arbitrary; the backtick terminates the string the parameter
is reflected into, which lets the rest of the payload escape the current JavaScript context.
• return false});});: this part closes out the existing function calls and control
structures that enclose the reflection point.
• alert`xss`;: this is where the actual attack occurs; it calls alert with the
message "xss".
• </script>: this closes the script tag, so the now syntactically complete injected code runs.
3. Stored XSS in imgur.com
• Parameter: the vulnerability is in the create album feature on Imgur, specifically in
how it handles user input.
• Payload used: "/><script>alert(1)</script>"/>
• Remediation: the original report indicated that filtering for < and > was implemented,
but my bypass using HTML entities shows that the filtering is insufficient.
• Impact: this XSS vulnerability can allow attackers to steal cookies or passwords, or
execute arbitrary script in a victim's browser, leading to serious security risks.
4. Stored XSS in wordpress.com
• Login: a user logs into their WordPress account.
• Choose a post: they select an existing post to comment on.
• Add the payload: they insert the following code as a comment:
<iframe><a href=javascript:alert(document.cookie)>Click Here</a></iframe>
• Save the comment: the comment is stored on the site.
• User interaction: when other users view this post and click "Click Here", an
alert pops up showing their cookies for the wordpress.com domain.
Payload explained
• Iframe tag: <iframe> is included but serves no purpose here; it is just a
container that can hold another page.
• Anchor tag: <a href=javascript:alert(document.cookie)>Click Here</a> is the
main part:
o href: the attribute value starts with javascript:, so clicking the link runs
JavaScript code instead of navigating to a new page.
5. Stored XSS in report field
Stored XSS can be submitted in reports, and whenever someone views the report,
the XSS is triggered.
Payload: "><img src=x onerror=alert(document.domain)>
Explanation of payload:
o "><img src=x: closes the surrounding attribute and tag, then starts a new <img> tag
that attempts to load an image from an invalid source.
o onerror=alert(document.domain): if the image fails to load (which it will), the
handler shows an alert with the current domain.
Steps:
• Go to https://app.mopub.com/reports/custom/.
• Click on New network report.
• In the name field, enter the payload: "><img src=x onerror=alert(document.domain)>
• Click Run and save; the XSS triggers whenever the report is accessed.
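Added example (not taken from any of the reports summarised above): a Python script that places the payloads quoted in findings 2, 4 and 5 into the injection contexts those findings describe, first with the raw concatenation that lets them fire and then with context-specific output encoding. The strip_angle_brackets function is an assumed stand-in for the insufficient < and > filter mentioned under finding 3, included to show why stripping characters is not a fix.

```python
import html
import json

# Constructed sample inputs: payloads quoted in findings 2, 4 and 5 above.
PAYLOADS = {
    "report_name": '"><img src=x onerror=alert(document.domain)>',
    "comment": "<iframe><a href=javascript:alert(document.cookie)>Click Here</a></iframe>",
    "utm_source": "abc`;return false});});alert`xss`;</script>",
}

def strip_angle_brackets(value):
    """Assumed stand-in for the insufficient filter from finding 3: drops < and > only."""
    return value.replace("<", "").replace(">", "")

def render_attribute_unsafe(name):
    """Vulnerable pattern (finding 5): raw input inside a quoted HTML attribute."""
    return f'<input name="report" value="{name}">'

def render_attribute_safe(name):
    """Fix: html.escape(quote=True) encodes & < > " ' so the value cannot close the attribute."""
    return f'<input name="report" value="{html.escape(name, quote=True)}">'

def render_body_safe(comment):
    """Fix for finding 4: encode the comment as text, so any tags render literally."""
    return f"<p>{html.escape(comment)}</p>"

def render_js_unsafe(value):
    """Vulnerable pattern (finding 2): raw input dropped into a JavaScript template literal."""
    return f"<script>var utm = `{value}`;</script>"

def js_literal(value):
    """Fix for finding 2: emit a JSON string literal and escape '<' as a JSON unicode
    escape, so the data can never contain a literal </script> that ends the enclosing script."""
    return json.dumps(value).replace("<", "\\u003c")

def render_js_safe(value):
    return f"<script>var utm = {js_literal(value)};</script>"

def js_round_trips(value):
    """The escaped literal still decodes to the original string: no data is lost."""
    return json.loads(js_literal(value)) == value

if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name}: {render_attribute_safe(payload)}")
```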