Published in CryptoGen Nepal

XSS Is Love ❤ !

Some time back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal the CSRF token to bypass CSRF protection and make an XHR request, which led to another XSS in a different endpoint. Chaining both XSSes allowed me to execute JavaScript remotely from the attacker's control panel (mine). I used Node.js to deliver my malicious commands from the control panel to the target's browser. I could even steal credentials and any keystrokes, change all the security questions, the passphrase and what not of the target, so that the target wouldn't be able to get their account back. But to execute all this there was one dependency: the first XSS was a self-XSS. To make it workable, the attacker has to trick the target into copy-pasting the payload, for which I used pastejacking.

I can't show you a real proof of concept, so to simulate the attack I made a replica of that site. It is not functionally the same as the real system, but the attack flow is similar, as shown in the video.

Cheers!!!
