Cross-site Scripting


A basic and common client-side security vulnerability


Requirement


In order to get the best experience in learning this vulnerability, you should have basic knowledge of HTML. You can start learning this vulnerability by answering this question: Is HTML a programming language?


If you have learned this vulnerability before, why not go and solve my challenges here?

First of all... What exactly is Cross-Site Scripting?


The first time you say the name of this vulnerability out loud, I guess you would think "Wow, the name is so cool, so dangerous, can it rule the world?".
But ermm... No!! 😵😵😵😵😵😵
This is just a very basic vulnerability: easy to learn, easy to find, easy to exploit, easy to report. With just some basic background in HTML, you will see that it's not hard to learn.

And... the fact is that Cross-Site Scripting (XSS) is just a really complicated technical name; for me, I would call it HTML Injection.

After all this way... Injection again?


I have told you so much about Injection (for example, the Covid-19 pandemic... for more information, please go back to SQL Injection and Command Injection), so in this case, the thing we want to inject something into is HTML.




A successful XSS (HTML Injection) attack can let the hacker change the web interface, or execute malicious JavaScript in the client's browser, which can lead to many phishing or Account-Take-Over consequences (I will go into more detail below).

Let's make an example


Consider a website that lets users input their name and then prints that name on the screen. This is basic PHP code for doing that:

  • Let users input their name using GET Parameter:
$username = $_GET['user_input'];
  • Print out the username:
echo $username;
With this way of coding, a normal user will just input the username they want - for example, in my case, MinKhoy.
Now the website will just print out the word 'MinKhoy'.

So... what about a hacker? What if they input something like HTML tags?
If the hacker inputs an <h1> tag, what will happen?
Let's take a look at the code again:

// Suppose the attacker submitted user_input=<h1>Make the words bigger</h1>; the echo above now effectively runs as:
echo '<h1>Make the words bigger</h1>';
As you can easily see, PHP just does its job: it prints out everything in the $username variable.

At this point, the web server sends the content, including the <h1> tag, back to the user, whose browser renders it, so the phrase "Make the words bigger" truly becomes bigger - a really important signal of an exploitable HTML Injection.

The attacker can now input something more evil, such as a <script> tag, in order to execute JavaScript ON THE USER'S BROWSER (that's why this is a client-side vulnerability), which allows the attacker to get the user's cookies and everything else stored in the browser.

As you know, cookies are used for identification on the Internet, so if the attacker has your cookies, they can actually become you on the Internet (there are many more consequences of this security flaw, but this one is the most common; besides it there are things like Redirect, Phishing...).
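To make the "PHP just prints the variable" point concrete, here is an added example (not code from the original post) that places the vulnerable echo next to a hardened version. It uses htmlspecialchars(), a standard PHP function, to encode the characters that have meaning in HTML; the function names render_vulnerable and render_safe and the sample inputs are constructed for this demonstration, and the inputs are hard-coded instead of read from $_GET so the script runs from the command line.

```php
<?php
// Added example, not from the original post. Run with: php xss_demo.php
// Inputs are constructed here instead of read from $_GET['user_input'].

// Vulnerable: the user's input is placed into the page unchanged, so any
// tag they send (<h1>, <script>, ...) is interpreted by the browser as markup.
function render_vulnerable(string $username): string
{
    return '<p>Hello, ' . $username . '</p>';
}

// Hardened: encode <, >, &, " and ' so the browser displays them as text.
// ENT_QUOTES covers both quote styles; the charset is stated explicitly.
function render_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Hello, ' . $encoded . '</p>';
}

// A simple check a tester can run on the output: true if the user-supplied
// part still contains a raw '<', i.e. the input survived as markup.
function input_reflected_as_markup(string $username, string $html): bool
{
    return strpos($username, '<') !== false && strpos($html, $username) !== false;
}

// Constructed sample inputs: a normal name, the <h1> probe from the post,
// and a harmless script tag of the kind used to confirm an XSS finding.
$samples = [
    'MinKhoy',
    '<h1>Make the words bigger</h1>',
    '<script>alert(1)</script>',
];

foreach ($samples as $input) {
    $vuln = render_vulnerable($input);
    $safe = render_safe($input);
    echo "Input:      $input\n";
    echo "Vulnerable: $vuln  (reflected as markup: "
        . (input_reflected_as_markup($input, $vuln) ? 'yes' : 'no') . ")\n";
    echo "Hardened:   $safe  (reflected as markup: "
        . (input_reflected_as_markup($input, $safe) ? 'yes' : 'no') . ")\n\n";
}
```

In a real handler you would replace the hard-coded sample with something like `$_GET['user_input'] ?? ''` and keep the htmlspecialchars() call at the point where the value is written into HTML; encoding at output time is what stops the <h1> and <script> inputs from being rendered as tags, while the hardened output still shows the user exactly what they typed.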




Okay, that's enough theory; let's experience the hacking techniques.

CTFd Platform