

Showing posts from November, 2016

Xssing Web Part - 1

Hello,

I'm thinking about sharing everything I know about XSS :) However, it's not possible to put all the methods in a single post, so I will be writing several parts of "Xssing Web". Mostly I will be talking about how to bypass XSS filters and how to turn most non-exploitable XSS into exploitable ones.


All of you might have encountered an endpoint that takes a URL as a parameter and redirects to it using JavaScript, like:

location.href='URL' 
or
window.location.href='URL' 
or
window.location.replace('URL') 
or
window.location='URL'


In this post I will be talking about how to get XSS in such situations and how to bypass their filters.

The first thing we can do here is try the 'javascript' protocol or the 'data' URI scheme.

window.location='javascript:alert(1)'
or
window.location='data:html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg'

Either of these executes alert(1): the redirect sink assigns an attacker-controlled string to location, so the scheme of that string decides whether a page loads or script runs.
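The defensive counterpart to the two payloads above is to validate the scheme of the redirect target before it ever reaches location. The following is an added example, not code from the original post; the helper name safeRedirectTarget and its optional allowedHosts parameter are assumptions for illustration. It resolves the candidate against the page's own origin with the standard URL constructor, which normalizes case and strips the tab and newline characters browsers also ignore, then only accepts http: or https: results, so javascript: and data: targets are refused rather than filtered by string matching.

```javascript
// Added example (not from the original post): validate a user-supplied
// redirect target before assigning it to location. The helper name and
// the allowedHosts parameter are illustrative assumptions.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

/**
 * Returns a normalized absolute URL string when `candidate` is safe to
 * navigate to, otherwise null.
 *   candidate    - the raw value taken from a query parameter, form field, etc.
 *   origin       - the page's own origin (window.location.origin in a browser);
 *                  relative paths such as "/account" resolve against it.
 *   allowedHosts - optional Set of lowercase hostnames you control; when given,
 *                  protocol-relative or absolute URLs to other hosts are refused
 *                  (that closes the open-redirect case as well as the XSS one).
 * Any resolved scheme other than http(s) is rejected, so javascript:, data:,
 * vbscript: and blob: targets can never run script from this sink.
 */
function safeRedirectTarget(candidate, origin, allowedHosts) {
  if (typeof candidate !== "string") return null;

  // The WHATWG parser already drops leading/trailing C0 controls and embedded
  // tab/newline; stripping them here too keeps the check explicit.
  const cleaned = candidate.replace(/[\u0000-\u001F\u007F]/g, "").trim();

  let url;
  try {
    url = new URL(cleaned, origin); // absolute input ignores the base
  } catch (e) {
    return null; // unparsable input: refuse to navigate at all
  }

  // url.protocol is lowercased by the parser, so "JaVaScRiPt:" is caught.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;

  if (allowedHosts && !allowedHosts.has(url.hostname.toLowerCase())) return null;

  return url.href;
}

// Typical use in a page (browser only, shown as a comment so the block runs
// under Node as well):
//   const next = new URLSearchParams(location.search).get("next");
//   location.href = safeRedirectTarget(next, location.origin) ?? "/";
```

Because the decision is made on the parsed scheme rather than on the raw text, the usual filter-bypass tricks against a blocklist (mixed case, embedded whitespace, a protocol-relative prefix) all collapse to the same parsed result and are handled by the one allowlist check.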

From now onwards I will only be talki…