Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Execute JavaScript for XSS without script tags

I am learning about XSS (for ethical purposes), and I was wondering how to execute some JavaScript code without using <script> tags. This is within the

HTML tag:

"The search term" <p> *JavaScript here* </p> "returned no results"

For some reason, the script tags are not working.

like image 788
BillyBob Avatar asked May 25 '16 10:05

BillyBob


1 Answers

  1. Try putting in different types of strings with special characters and look if any of these get encoded or outputed. (I personaly use '';!--"<XSS>=&{()})
  2. Now you have three options:
    1. Inside a HTML Tag: The <> won't matter, because you are already inside a HTML Tag. You can look if this Tag supports Events and use some kind of onload=alert(1) or other event. If <> is allowed, you can break out and create your own tag '><img src=0 onerror=alert(1)>
    2. Outside of HTML Tag: the <> are important. With these you can open a new Tag and the whole world is below your feet (or so...)
    3. Inside Javascript: Well...if you can break out of a string with '", then you can basically write ';alert(1)
  3. Craft your XSS accordingly to your encoded characters and the surrounding of where the string get's outputed

<XSS> disappears entirely: the application uses some kind of strip_tags . If you are outside of a HTML Tag and no HTML Tags are whitelisted, I unfortunatly don't know any method to achieve an XSS.

Crafting your own payload

There are various methods to achieve this and too much to name them all. Look on these two sites, which have a lot of the methods and concept to construct your own. It comes down to: What the page allows to go through.

  1. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#XSS_Locator_.28short.29
  2. https://html5sec.org/
like image 104
nv1t Avatar answered Oct 03 '22 01:10

nv1t