Cross-Site Scripting (XSS)

Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Cross Site Scripting (XSS) Software Attack | OWASP Foundation

While using document.cookie is great to demonstrate the exploitability of a Cross-Site Scripting vulnerability, to further demonstrate the risk we can leverage the following resources:

Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)Medium

Tricks for Weaponizing XSS - TrustedSecTrustedSec

Why HttpOnly Isn't Enough

There are multiple articles on the Internet stating that the HttpOnly flag provides a false sense of security as an attacker is unlikely to wait several hours for a user to trigger the payload and obtain a session token. Rather, an attacker can leverage a more sophiscated attack to hook the user or perform immediate malicious actions.

# This is the flag we are talking about
Set-Cookie: SESSIONID=[token]; HttpOnly

Why HttpOnly Won't Protect You

Cookie without HttpOnly flag set

Testing / Payload Creation

JSFiddle - Code Playground

JSFuck - Write any JavaScript with 6 Characters: []()!+

XSSPentester's Promiscuous Notebook

https://xssor.ioxssor.io

PreviousInjection Vulnerabilities NextBlind Cross-Site Scripting

Last updated 4 months ago

Description

Going Beyond 'Document.Cookie'

Why HttpOnly Isn't Enough

Testing / Payload Creation