
    Advanced XSS attacks and exploitation examples

    This article discusses XSS attacks beyond the reflected and persistent types. It is intended to give a broader view of the possibilities within this class of attacks, as well as the conditions under which they occur. It also explores and walks through the XSSer tool for launching attacks of this type.


    Cross Site Scripting (XSS)

    • XSS vulnerabilities cover any attack that allows "scripting" code to be executed in the context of another website.
    • They can be found in any application whose ultimate goal is to present information in a web browser.
    • Usually the input data used by the application is not validated correctly, which allows a malicious script to be sent to the application.
    • To work they need an entry point, which is usually a form.
    • Through an XSS attack it is possible to hijack accounts, change user settings, access restricted parts of the site, modify site content, etc.

    Types of XSS attacks

    Direct Attacks
    • The direct form of XSS (also called persistent XSS) appears when the attacker manages to embed malicious HTML code directly in websites that allow it.
    • It works by locating weak points in the HTML filters (if any exist) that the site applies to published content.
    • This type of attack is usually the most common, and the attacker's code is based on HTML tags (of type or
    • The result shows a window with the text "hello-world".
    • This vulnerability is often used to steal sessions and for phishing.


    XSSer is a framework that allows you to:
    • Detect vulnerabilities of type XSS
    • Exploit these vulnerabilities locally or remotely.
    • Report the vulnerabilities found in real time.
    Its main features include:
    • Graphical interface
    • Dorking
    • Support for GET and POST (this is important, since the tools covered in previous articles could only perform injections with GET).
    • Crawling
    • Proxy
    • Heuristic analysis
    • Preconfigured exploits
    • Export options
    • Different bypassers to evade filters
    Types of injections allowed:
    • Classic XSS (execution of code in an embedded script)
    • Cookie Injection
    • Cross Site "Agent" Scripting
    • Cross Site "Referer" Scripting
    • Injections in "Data Control Protocol" and "Document Object Model"
    • HTTP Response Splitting Induced


    • Basic injection
    xsser -u "victima.com"
    • Automatic injection (test all vectors)
    xsser -u "victima.com" --auto
    • Injection with a custom payload
    xsser -u "victima.com" --payload="> "
    • Local exploitation (your own final payload)
    xsser -u "victima.com" --Fp=" "
    • Remote exploitation (a remotely hosted script)
    xsser -u "victima.com" --Fr=" "
    • Using dorking
    xsser -d "inurl:admin/echo" --De="google" --Fp=" "
    • Using a proxy and spoofing the HTTP Referer header
    xsser -u "victima.com" --proxy="http://localhost:8118" --referer="666.666.666.666"
    • Using hexadecimal encoding
    xsser -u "victima.com" --Hex
    • Multiple injection with 5 threads and character-encoding mutations
    xsser -u "victima.com" --Cem --threads=5
    • Using the crawler with depth 3 and width 4 pages
    xsser -u "victima.com" -c3 --Cw=4
    • Exploitation through POST
    xsser -u "victima.com" -p "target_host=name&dns-lookup-php-submit-button=Lookup+DNS"


    The graphical interface is a somewhat more intuitive way to use XSSer.

    The tool starts with:

    xsser --gtk
    Thanks to the "Wizard Helper", guided exploitation can be carried out much more easily than from the command line.


    When talking about XSS, we usually keep in mind the two most basic types, reflected and persistent, but there are many more.


    DOM XSS

    It takes advantage of modified active content to take control of the DOM, which allows the flow of that object to be controlled, but always through its API. On the one hand this makes it easier to avoid anti-XSS filters; on the other it has certain limitations compared with basic attacks. The elements usually vulnerable to DOM XSS are "document.location", "document.URL" and "document.referrer".
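As an added example (editor's code, not from the article or the XSSer project), the DOM sink described above fed by a location.hash-style value, first vulnerable and then hardened, followed by a heuristic source-to-sink scanner that a reviewer can run over page JavaScript; the sample script and the function names are constructed here.

```javascript
// Added example, not code from the article: a DOM XSS sink fed by a
// location.hash-style value, first vulnerable then hardened, plus a small
// source-to-sink scanner for JavaScript text. No browser globals are used,
// so it also runs under Node.

// Encode the characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the URL fragment (what location.hash would return, passed in
// here as a string) is concatenated into markup and so interpreted as HTML.
function greetingHtmlVulnerable(hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ''));
  return '<h1>Hello ' + name + '</h1>';
}

// Hardened: the same value is encoded before reaching the innerHTML sink.
// In a real page, prefer a text sink such as element.textContent instead.
function greetingHtmlSafe(hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ''));
  return '<h1>Hello ' + escapeHtml(name) + '</h1>';
}

// Review aid (heuristic): report lines where a DOM XSS source named in the
// article (document.location / document.URL / document.referrer, plus the
// location.* fields) sits on the same line as an HTML-interpreting sink.
// Flows that cross lines are missed, so treat the output as a starting point.
const SOURCES = /document\.(location|URL|referrer)|location\.(hash|search|href)/;
const SINKS = /innerHTML|outerHTML|document\.write|insertAdjacentHTML|eval\(/;
function findDomXssCandidates(jsSource) {
  const hits = [];
  jsSource.split('\n').forEach((line, i) => {
    if (SOURCES.test(line) && SINKS.test(line)) hits.push(i + 1);
  });
  return hits; // 1-based line numbers that deserve a manual look
}

// Constructed sample script, as a reviewer might find it in a page.
const SAMPLE_JS = [
  "var who = location.hash.slice(1);",
  "document.getElementById('t').innerHTML = 'Hi ' + decodeURIComponent(location.hash);",
  "document.getElementById('u').textContent = document.referrer;",
  "document.write('<p>' + document.URL + '</p>');",
].join('\n');
```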


    It uses ActionScript, the language used to program Flash applications, with the intention of loading unwanted elements into the page. It can be used in combination with DOM XSS to load elements from the domain of the original object. It could even be used to execute ActionScript in a SWF file, although it is also possible to execute code embedded in an img tag.


    It is an exploitation option that uses a second website to launch the attack against the vulnerable one. In this case the user opens the web page that contains the code, and that page interacts with the vulnerable site in order to carry out the same type of actions as an XSS attack.


    The malicious code is injected into an iframe, which is in turn inserted, hidden, into the vulnerable site.


    It achieves an escalation of zone privileges in Internet Explorer by means of a vulnerability. The relevance of this attack lies in the possibility of executing a privileged command from a zone without privileges.
    IE defines the following zones: Internet, Intranet, Trusted sites, Restricted sites and Local. This attack is therefore only effective against Windows systems running a vulnerable version of IE.


    Cross Site Agent Scripting

    It allows the attack to be carried out by modifying the value of the "User-Agent" header sent to a web application. When the application obtains this value dynamically, it can be changed in the attacker's browser so that, when the application runs and reads the value, the attack is carried out.
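As an added example (editor's code, not the article's), a server-side page fragment that echoes the User-Agent header in its vulnerable and hardened forms, plus a detector that flags access-log lines whose User-Agent carries markup; the combined-log layout and the sample lines are constructed assumptions.

```javascript
// Added example, not code from the article: a server page that echoes the
// User-Agent header, vulnerable and then hardened, and a detector run over
// constructed combined-format access-log lines (an assumption about the
// log layout; the User-Agent is the last quoted field).

const esc = (s) => String(s).replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);

// Vulnerable: the header is attacker-controlled, and concatenating it into
// markup is exactly the Cross Site Agent Scripting condition described above.
function browserInfoVulnerable(headers) {
  return '<div class="ua">You are using: ' + (headers['user-agent'] || '') + '</div>';
}

// Hardened: encode before inserting. A Content-Security-Policy without
// 'unsafe-inline' is a second layer if the encoding is ever missed.
function browserInfoSafe(headers) {
  return '<div class="ua">You are using: ' + esc(headers['user-agent'] || '') + '</div>';
}

// Detection: flag log lines whose User-Agent carries a tag, an event-handler
// attribute, a javascript: URL or HTML entities. Heuristic, so review hits.
const UA_FIELD = /"([^"]*)"\s*$/;
const SUSPICIOUS = /<[a-z!\/]|\bon[a-z]+\s*=|javascript:|&#x?[0-9a-f]+;/i;
function flagSuspiciousUserAgents(logText) {
  const out = [];
  logText.split('\n').forEach((line, i) => {
    const m = UA_FIELD.exec(line);
    if (m && SUSPICIOUS.test(m[1])) out.push({ line: i + 1, ua: m[1] });
  });
  return out;
}

// Constructed sample log lines; only the second carries markup in its UA.
const SAMPLE_LOG = [
  '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"',
  '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /stats HTTP/1.1" 200 640 "-" "Mozilla/5.0 <b onclick=1>"',
  '198.51.100.2 - - [01/Jan/2024:10:00:02 +0000] "GET /stats HTTP/1.1" 200 640 "-" "curl/8.4.0"',
].join('\n');
```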


    It uses a for-type instruction within a script embedded in the page to prevent users from accessing the content. Access to the application is blocked by an infinite loop of alerts.
    To cause the denial of service on the server instead of the client, it is enough to use similar logic against the server. In that case the usual approach is to exhaust the server's resources by launching too many requests.

    Flash! Attack

    Another Flash-based attack, which uses the Macromedia Flash plugin and an ActiveX control to inject malicious code. This code allows cookies to be stolen every time a user plays the infected content.

    Induced XSS

    Unlike the other XSS attacks, this one takes place on the server side. The possibilities are therefore greater, since the complete HTML content of a page can be altered by modifying the HTTP response headers of the server. In this case the attacker forces the server to produce a response that the victim interprets as two: the first carries the injection itself and the request to the server, and the second serves as camouflage for the first.
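As an added example (editor's code, not from the article), a deliberately naive response serialiser that shows why a CR/LF inside a header value makes one response parse as two, beside the header-value check that prevents it; the serialiser, function names and the redirect input are constructed for illustration.

```javascript
// Added example, not code from the article: why a CR/LF inside a header
// value makes one response look like two to the client, and the check that
// stops it. The serialiser is a deliberately naive, constructed model; real
// servers such as Node's http module already reject CR/LF in headers.

// Naive serialiser that trusts header values (the vulnerable behaviour).
function serializeResponseNaive(status, headers, body) {
  const lines = ['HTTP/1.1 ' + status];
  for (const [k, v] of Object.entries(headers)) lines.push(k + ': ' + v);
  return lines.join('\r\n') + '\r\n\r\n' + body;
}

// How many response heads a client parsing this byte stream would see.
function countResponses(raw) {
  return raw.split(/(?:^|\r\n)HTTP\/1\.1 \d{3}/).length - 1;
}

// Hardened: reject CR, LF and NUL in any header value before serialising.
// Rejecting beats silently stripping, which hides the attempt from logs.
function assertSafeHeaderValue(name, value) {
  if (/[\r\n\0]/.test(value)) throw new Error('CR/LF in header ' + name + ' rejected');
  return value;
}

// A redirect built from a user-supplied target, with the check applied.
function redirectResponse(target) {
  return serializeResponseNaive('302 Found',
    { Location: assertSafeHeaderValue('Location', target) }, '');
}

// Constructed input: a redirect target that smuggles a second, harmless
// response after the first one's headers.
const SPLIT_INPUT = '/home\r\nContent-Length: 0\r\n\r\n' +
  'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 8\r\n\r\n<p>x</p>';
```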

    Image Scripting

    It exploits the reading of an image's binary parameters by a server that has not been adequately protected. For this attack to succeed the attacker must upload the image to the server, where it will later be accessed by the victim.
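As an added example (editor's code, not from the article), the upload-side checks a server can apply so that a file carrying markup is neither accepted as an image nor interpreted as a page when served back: the type is taken from the standard magic bytes rather than the name, and the response headers forbid browser sniffing; the function names and the sample uploads are constructed.

```javascript
// Added example, not code from the article: server-side checks for an image
// upload so that a file carrying HTML or script is neither accepted as an
// image nor interpreted as a page when served back. Signatures are the
// standard magic bytes; the upload buffers are constructed here.

const SIGNATURES = [
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] }, // "GIF8" (87a/89a)
];
const EXT_TO_TYPE = { png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg', gif: 'image/gif' };

// Identify the real type from the leading bytes, ignoring the file name and
// the declared Content-Type (both are attacker-controlled).
function sniffImageType(buf) {
  for (const sig of SIGNATURES) {
    if (buf.length >= sig.bytes.length && sig.bytes.every((b, i) => buf[i] === b)) {
      return sig.type;
    }
  }
  return null;
}

// Accept only when the bytes are a known image AND agree with the extension,
// so a renamed HTML file cannot be stored under an image name.
function validateUpload(filename, buf) {
  const ext = (filename.split('.').pop() || '').toLowerCase();
  const sniffed = sniffImageType(buf);
  if (!sniffed) return { ok: false, reason: 'not a recognised image' };
  if (EXT_TO_TYPE[ext] !== sniffed) return { ok: false, reason: 'extension/content mismatch' };
  return { ok: true, type: sniffed };
}

// Headers for serving a stored image: the type fixed from the sniffed value,
// no MIME sniffing by the browser, and a CSP that blocks any script.
function imageResponseHeaders(type) {
  return {
    'Content-Type': type,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'",
  };
}

// Constructed uploads: a genuine PNG header, and an HTML file renamed .png.
const GOOD_PNG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);
const FAKE_PNG = Buffer.from('<html><script>x()</script></html>');
```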

