XSS Back Button - I Can See You From Behind
Reflected XSS is typically delivered by placing the malicious script in a URL parameter and getting the victim to open that link. The code may be visible at the end of the URL, but it can be obfuscated (plain URL encoding is enough to make it unreadable at a glance), and a link-shortening service hides it entirely, which makes the attack far more effective.
In a reflected XSS attack, the malicious string is part of the victim’s request to the website. The website then includes this malicious string in the response sent back to the user.
Basic diagram:
In my case, when I entered the payload it was sanitized at that point, but when I clicked the back button the XSS executed.
How did this happen?
How to find this vulnerability?
1. Go to your target URL https://www.website.com/ and use Burp Suite (spider the website) to find parameters or search boxes.
2. In my case I got a search box, so I entered a very old payload, "><svg/onload=alert(333)>, which is obsolete but still works.
3. When I pressed Enter my payload got sanitized.
4. Then I pressed the back button and the payload got executed.
I don’t know why it showed alert(1) in the source code and got executed as alert(333).
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.
In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:
- Filter input on arrival - At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
- Encode data on output - At the point where user-controllable data is written into HTTP responses, encode it for the context it lands in (HTML body, attribute value, JavaScript, URL) so the browser treats it as data, not markup.
- Use appropriate response headers - Send a correct Content-Type and the X-Content-Type-Options: nosniff header to ensure that browsers interpret the responses in the way you intend.
- Content Security Policy - As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
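The measures in the list above, applied to the search-box scenario in this write-up, as an added example in JavaScript (this is not code from the write-up or from the target site). The payload is the one used in the write-up; the search-term allowlist, the CSP string and the rendering templates are assumptions made for the example.

```javascript
// Added example, not code from the write-up or from the target site.
// It applies the prevention list to the search box scenario:
// filter on arrival, encode on output, and send the right response headers.
// PAYLOAD is the write-up's payload; everything else is constructed here.

const PAYLOAD = '"><svg/onload=alert(333)>';

// 1. Filter input on arrival: an allowlist for what a search term may contain.
//    Assumed policy: letters, digits, spaces and a little punctuation, max 100 chars.
function isAcceptableQuery(query) {
  return typeof query === 'string' &&
         query.length > 0 && query.length <= 100 &&
         /^[\p{L}\p{N} .,_-]+$/u.test(query);
}

// 2. Encode on output: HTML-entity encode the five characters that can break
//    out of element content or out of a double- or single-quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: the raw query is concatenated into the page. A query
// starting with "> closes the value attribute and the rest becomes a new element.
function renderUnsafe(query) {
  return '<input type="search" name="q" value="' + query + '">' +
         '<p>Results for: ' + query + '</p>';
}

// Hardened rendering: the same template, with the query encoded at the point
// it is written into HTML. The browser shows the payload as literal text.
function renderSafe(query) {
  const q = escapeHtml(query);
  return '<input type="search" name="q" value="' + q + '">' +
         '<p>Results for: ' + q + '</p>';
}

// Lists the element names that appear as start tags in the rendered HTML, so
// we can check whether anything beyond the template's own input and p got in.
function tagNames(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g),
                    (m) => m[1].toLowerCase());
}

// 3. Response headers from the prevention list. The CSP is an example policy
//    (an assumption): it allows no inline script, so an injected onload=
//    handler would not run even if encoding were missed somewhere.
const SECURITY_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'",
};

// Handles one search request the hardened way: reject what the allowlist does
// not accept, otherwise encode on output, and always send the headers.
function handleSearch(query) {
  if (!isAcceptableQuery(query)) {
    return { status: 400, headers: SECURITY_HEADERS, body: '<p>Invalid search term.</p>' };
  }
  return { status: 200, headers: SECURITY_HEADERS, body: renderSafe(query) };
}

console.log('unsafe:', renderUnsafe(PAYLOAD));
console.log('safe:  ', renderSafe(PAYLOAD));
console.log('tags in unsafe output:', tagNames(renderUnsafe(PAYLOAD)).join(','));
console.log('tags in safe output:  ', tagNames(renderSafe(PAYLOAD)).join(','));
```

The allowlist is defence in depth; the step that actually neutralises the payload is the encoding at the point where the value is written into the response. That encoding has to happen on the path that builds the response: a check that only runs in the browser before the form is submitted is not on that path and protects nothing once the browser renders the value some other way.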
Thank You :)
Instagram : jerry._.3
Summary courtesy: Ramya Shah Sir (Gujarat Forensics Sciences University)
Happy Hacking ;)