Articles by "xss"

This article discusses XSS attacks beyond the reflected and persistent types. It is intended to provide a broader view of the possibilities within these types of attacks as well as the conditions required for them to occur. It also explores the operation of the XSSer tool for launching attacks of this type.


Cross Site Scripting (XSS)

  • XSS vulnerabilities encompass any attack that allows scripting code to be executed in the context of another website.
  • They can be found in any application whose final objective is to present the information in a web browser.
  • Usually, the input data that is used in some applications is not correctly validated, allowing a malicious script to be sent to the application.
  • To work, they need an entry point, which is usually a form.
  • Through an XSS attack, you can hijack accounts, change user settings, access restricted parts of the site, modify site content, etc.

Types of XSS attacks

Direct Attacks
  • A direct XSS attack (also called persistent XSS) occurs when the attacker manages to embed malicious HTML code directly in websites that allow it.
  • It works by locating weaknesses in the HTML filters applied to published content, if such filters exist.
  • This type of attack is usually the most common, and the attacker's code is based on HTML tags (of the type or
  • The result shows a window with the text "hello-world".
  • This vulnerability is usually used for session theft and phishing.


XSSer is a framework that allows you to:
  • Detect XSS vulnerabilities.
  • Exploit these vulnerabilities locally or remotely.
  • Report the vulnerabilities found in real time.
Its main features include:
  • Graphic interface
  • Dorking
  • Support for GET and POST (this is important, since the tools covered in previous articles could only perform injections with GET).
  • Crawling
  • Proxy
  • Heuristic analysis
  • Preconfigured Exploits
  • Export options
  • Different bypassers to evade filters
Types of injections allowed:
  • Classic XSS (code execution in an embedded script)
  • Cookie Injection
  • Cross Site “Agent” Scripting
  • Cross Site “Referer” Scripting
  • Injections in “Data Control Protocol” and “Document Object Model”
  • HTTP Response Splitting Induced


  • Basic injection
xsser -u ""
  • Automatic injection (test all vectors)
xsser -u "" --auto
  • Injection with a custom payload
xsser -u "" --payload=">
  • Local exploitation
xsser -u "" --Fp=""
  • Remote exploitation
xsser -u "" --Fr=""
  • Dorking
xsser -d "inurl:admin/echo" --De="google" --Fp=""
  • Use of an HTTP proxy and Referer header spoofing
xsser -u "" --proxy="http://localhost:8118" --referer="666.666.666.666"
  • Use of hexadecimal encoding
xsser -u "" --Hex
  • Multiple injection with 5 threads and character encoding mutations
xsser -u "" --Cem --threads="5"
  • Use of the crawler with depth 3 and 4 pages
xsser -u "" -c 3 --Cw=4
  • Exploitation through POST
xsser -u "" -p "target_host=name&dns-lookup-php-submit-button=Lookup+DNS"


The graphical interface is a somewhat more intuitive way to use XSSer.

It is started with:

xsser --gtk
Thanks to the “Wizard Helper”, guided operation is much easier than from the command line.


When talking about XSS, the two most basic types usually come to mind: reflected and persistent;


Takes advantage of modified active content to take control of the DOM, which allows the flow of that object to be controlled, but always through its API.


It uses ActionScript, the language used to program Flash applications, with the intention of loading unwanted elements onto the page.


It is an exploitation option that uses a second website to launch the attack against the vulnerable one.


Malicious code is injected into an iframe, which is then hidden inside the vulnerable website.


Achieves an escalation of zone privileges in Internet Explorer through a vulnerability.


It carries out the attack by modifying the value of the “User-Agent” header sent to the web application.
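As an added example (not code from the original post or from XSSer), the following Python shows the defect behind Cross Site Agent and Referer Scripting and the input-validation point made earlier: a page template that reflects the User-Agent and Referer headers, first unescaped and then with HTML output encoding, plus a parser-based check that reports any tag the header values added to the page. The template and the header values are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed request headers carrying markup instead of plain text.
CONSTRUCTED_HEADERS = {
    "User-Agent": '<script>alert("hello-world")</script>',
    "Referer": 'http://example.invalid/"><img src=x onerror=alert(1)>',
}

# Constructed page template; only html, body and p are legitimate here.
PAGE = "<html><body><p>Your browser: {ua}</p><p>Came from: {ref}</p></body></html>"
TEMPLATE_TAGS = {"html", "body", "p"}


def render_unsafe(headers):
    """Vulnerable: header values are placed in the page untouched, so markup in
    User-Agent or Referer is interpreted by the browser in the site's origin."""
    return PAGE.format(ua=headers.get("User-Agent", ""),
                       ref=headers.get("Referer", ""))


def render_safe(headers):
    """Hardened: every untrusted value is entity-encoded at output time
    (quote=True also encodes the quotes used to break out of attributes)."""
    return PAGE.format(ua=html.escape(headers.get("User-Agent", ""), quote=True),
                       ref=html.escape(headers.get("Referer", ""), quote=True))


class TagCollector(HTMLParser):
    """Collects the start tags the browser's parser would see."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered):
    """Return the tags present in the output that the template never defined;
    a non-empty list means untrusted data became markup."""
    parser = TagCollector()
    parser.feed(rendered)
    return sorted(set(parser.tags) - TEMPLATE_TAGS)


if __name__ == "__main__":
    print("unsafe:", injected_tags(render_unsafe(CONSTRUCTED_HEADERS)))  # ['img', 'script']
    print("safe:  ", injected_tags(render_safe(CONSTRUCTED_HEADERS)))    # []
```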


Uses a for-type loop inside a script embedded in the page to prevent users from accessing the content.

Flash! Attack

Another Flash-based attack that uses the Macromedia Flash plugin and an ActiveX control to inject malicious code.

Induced XSS

Unlike the other XSS attacks, this attack is carried out on the server side. 

Image Scripting

It exploits the reading of an image's binary parameters by a server that has not been adequately protected.
