INTRODUCTION

Hi everyone, In this article we will learn how to check for cross site scripting vulnerability in live websites. Before we go further in this article, if you are not familiar with cross site scripting then please check out HOW TO CHECK FOR CROSS SITE SCRIPTING PART 1

ANALYZING THE APPLICATION’S BEHAVIOR

check for cross site scripting

Sometimes, you may able to find an endpoint that is not filtering <> symbols but when you try to add anything inside the symbols e.g <faiyaz> it will block you right away. If this is the case, then instead for firing the payload straight into the application, try to inject the payload piece by piece and analyze the response.

In one of my findings, I found that the application is behaving in the way described below:

1- Input: <> Output: <div id=”<>“></div>

2- Input: <script> Output: Blocked

3- Input: <faiyaz> Output: Blocked

4- Input: <faiyaz Output: <div id=”<faiyaz“></div>

5– Input: “><faiyaz Output: <div id=”“><faiyaz“></div>

6- Input: </> Output: Blocked

7- Input: () Output: <div id=”()“></div>

EXPLOITING THE APPLICATION

check for cross site scripting

As we can see in point number 5 and 7, when we pass “>faiyaz and () then the output was exactly the same in the application without any filter. So, we need to think of creating a payload that can be same as in point number 5.

In this scenario we can use event handlers payload to exploit the application. For example, if we pass something like this

” onmouseover=alert(1)>

The the response will be:

<div id=”” onmouseover=alert(1)>“></div>

The first will cause the string to terminate and after that we have written our main payload i.e onmouseover=alert(1) and finally we have used > to close the tag. So, this payload will prompt an alert box when someone hovers on the particular div tag. You can check out the practical video over here.

CONCLUSION

I hope you understand how to check for cross site scripting in this article. Let me know if you have any doubts in the comment section. Read more of our cybersecurity contents over here.