handbook/tools/3.Web-Hacking/4.Injection/XSS/Notes/2.Reflected-XSS.md

42 lines
2.1 KiB
Markdown
Raw Normal View History

2024-08-30 23:07:22 +00:00
## Reflected XSS
Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without any validation.
- **Potential Impact:**
The attacker could send links or embed them into an iframe on another website containing a JavaScript payload to potential victims getting them to execute code on their browser, potentially revealing session or customer information.
- **How to test for Reflected XSS:**
You'll need to test every possible point of entry; these include:
- `Parameters in the URL Query String`
- `URL File Path`
- `Sometimes HTTP Headers (although unlikely exploitable in practice)`
- `Title name of a website post` --->
- example
![[Pasted image 20221129102249.png]]
Once you've found some data which is being reflected in the web application, you'll then need to confirm that you can successfully run your JavaScript payload; your payload will be dependent on where in the application your code is reflected
- **Example Scenario:**
A website where if you enter incorrect input, an error message is displayed. The content of the error message gets taken from the **error** parameter in the query string and is built directly into the page source.
![](https://tryhackme-images.s3.amazonaws.com/user-uploads/5efe36fb68daf465530ca761/room-content/a5b0dbc4d2f1f69988f82f2c5d53f6ed.png)
![](https://tryhackme-images.s3.amazonaws.com/user-uploads/5efe36fb68daf465530ca761/room-content/7f90b73106d655b07874943f93533f7b.png)
The application doesn't check the contents of the **error** parameter, which allows the attacker to insert malicious code.
![](https://tryhackme-images.s3.amazonaws.com/user-uploads/5efe36fb68daf465530ca761/room-content/66743e9fa50b4c5793f070eb505f72d1.png)
![](https://tryhackme-images.s3.amazonaws.com/user-uploads/5efe36fb68daf465530ca761/room-content/24e50d95cecfc3783bd1a3a4fecbf310.png)
The vulnerability can be used as per the scenario in the image below:
![](https://tryhackme-images.s3.amazonaws.com/user-uploads/5efe36fb68daf465530ca761/room-content/8e3bffe500771c03366de569c3565058.png)