Introduction to #XSS
Learn the basics of ๐๐ซ๐จ๐ฌ๐ฌ-๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ (๐๐๐)
Thread๐งต๐
#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Learn the basics of ๐๐ซ๐จ๐ฌ๐ฌ-๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ (๐๐๐)
Thread๐งต๐
#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:
The ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.
Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
The ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.
Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.
Types of XSS:
1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)
As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Types of XSS:
1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)
As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Let's find out more:
XSS solely depends on reflection of user input(or other inputs) meaning you input something, and it reflects on the page/source code OR somewhere else on the back-end (in which case it's Blind XSS)
User input is carried mostly by parameters in a request
XSS solely depends on reflection of user input(or other inputs) meaning you input something, and it reflects on the page/source code OR somewhere else on the back-end (in which case it's Blind XSS)
User input is carried mostly by parameters in a request
Let's differentiate Reflected and Stored XSS:
Reflected - most common XSS type, happens when loading a URL with a vulnerable parameter that reflects on the page based on its value
Stored - happens in data that's stored on the page/server, such as username, comment, posts, etc.
Reflected - most common XSS type, happens when loading a URL with a vulnerable parameter that reflects on the page based on its value
Stored - happens in data that's stored on the page/server, such as username, comment, posts, etc.
Similar to SQL Injection, you achieve XSS by injecting scripts, and them reflecting onto the page and getting executed in the browser.
A basic XSS payload looks like this: <script>alert(1)</script>
This calls the <script> tag, and executes alert(), which will pop up an alert box
A basic XSS payload looks like this: <script>alert(1)</script>
This calls the <script> tag, and executes alert(), which will pop up an alert box
1๏ธโฃ Reflected XSS
As mentioned before, this XSS is delivered via a URL and executes upon loading the page.
The XSS payload is delivered through a vulnerable parameter that we were able to inject valid HTML scripts that reflect successfully.
Learn more โก๏ธ portswigger.net/web-security/cโฆ
As mentioned before, this XSS is delivered via a URL and executes upon loading the page.
The XSS payload is delivered through a vulnerable parameter that we were able to inject valid HTML scripts that reflect successfully.
Learn more โก๏ธ portswigger.net/web-security/cโฆ
2๏ธโฃ Stored XSS
Again, this type of XSS is called stored because the payload gets stored on the page indefinitely (or until we change/delete it), and anytime someone accesses the page, it will execute.
Such as a comment, description, etc.
To learn more โก๏ธ portswigger.net/web-security/cโฆ
Again, this type of XSS is called stored because the payload gets stored on the page indefinitely (or until we change/delete it), and anytime someone accesses the page, it will execute.
Such as a comment, description, etc.
To learn more โก๏ธ portswigger.net/web-security/cโฆ
FILTERS/WAFs
The worst enemy for us bug hunters.
There's a ton of techniques to bypass certain filters and WAFs, depending on your target and situation.
One of the best that specialize in XSS is @brutelogic, make sure to check out his cheat sheet โก๏ธ brutelogic.com.br/blog/xss-cheatโฆ
The worst enemy for us bug hunters.
There's a ton of techniques to bypass certain filters and WAFs, depending on your target and situation.
One of the best that specialize in XSS is @brutelogic, make sure to check out his cheat sheet โก๏ธ brutelogic.com.br/blog/xss-cheatโฆ
Now, practice makes perfect.
Head over to portswigger.net/web-security/aโฆ and practice some XSS labs.
After that, go find some XSS on some bug bounty programs, however, beware of dupes, as most people automate this process for the easy ones.
Also check out @theXSSrat , its in his name
Head over to portswigger.net/web-security/aโฆ and practice some XSS labs.
After that, go find some XSS on some bug bounty programs, however, beware of dupes, as most people automate this process for the easy ones.
Also check out @theXSSrat , its in his name
@theXSSrat That's a wrap!
If you enjoyed this thread:
1. Follow me @shrekysec for more of these
2. RT the tweet below to share this thread with your audience
If you enjoyed this thread:
1. Follow me @shrekysec for more of these
2. RT the tweet below to share this thread with your audience
https://twitter.com/shrekysec/status/1584577664249118721
This has been corrected by @theXSSrat here -->
https://twitter.com/theXSSrat/status/1584594787000123392,check it out
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
