Made a Simple Test Page
What does it do?
It takes the value of the payload parameter and logs it to the console along with the age.
Let’s look at the source…
PHP injects the request parameter into the page dynamically and then produces normal script output. This is very common in web apps: dynamically producing static code output.
What do we do next?
Well, as with overflows, we control what happens next, so all we have to do is provide valid code!
james"; alert("Follow me on Twitter @int0x33"); var random = "
As you can see we had to finish off the first variable properly…
var name = "james";
Then we can do whatever we want…
alert("Follow me on Twitter @int0x33");
- Steal Secrets
- Browser Exploitation etc
Finally, close it off properly…
var random = "
The page's own closing "; then completes the statement:
var random = "";
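An added example, not the post's own code (the test page's PHP source is not reproduced above): the same template pattern modelled in JavaScript, rendered once by plain concatenation and once with the value serialised as a JavaScript string literal, then evaluated with alert and console stubbed so the difference is visible. The function names and the age value 30 are assumptions.

```javascript
// Added example: the test page's pattern modelled in JavaScript (the post's page is PHP).

// Vulnerable pattern: the request value is concatenated into a JS string literal.
function renderNaive(payload) {
  return `var name = "${payload}";\nvar age = 30;\nconsole.log(name, age);`; // 30 is a constructed value
}

// Hardened: serialise the value as a JS string literal (quotes and backslashes
// escaped), then escape characters that could close the <script> element or
// terminate the literal in older engines.
function jsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderSafe(payload) {
  return `var name = ${jsString(payload)};\nvar age = 30;\nconsole.log(name, age);`;
}

// Evaluate a rendered script with alert and console shadowed by stubs,
// and report which calls it made.
function run(script) {
  const seen = { alerts: [], logs: [] };
  const stubAlert = (m) => seen.alerts.push(m);
  const stubConsole = { log: (...args) => seen.logs.push(args) };
  new Function("alert", "console", script)(stubAlert, stubConsole);
  return seen;
}

// The payload quoted in the post.
const payload = 'james"; alert("Follow me on Twitter @int0x33"); var random = "';

const naive = run(renderNaive(payload));
const safe = run(renderSafe(payload));

console.log("naive: alerts =", naive.alerts.length, "name =", naive.logs[0][0]);
console.log("safe:  alerts =", safe.alerts.length, "name =", safe.logs[0][0]);
```

In the hardened rendering the whole payload ends up as the value of name and nothing else runs. In PHP the equivalent serialisation step is json_encode() with the JSON_HEX_TAG, JSON_HEX_AMP, JSON_HEX_APOS and JSON_HEX_QUOT flags.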
I will do a few posts on advanced XSS exploitation in the coming weeks that will help you get past filters, do more with XSS and generally take XSS exploitation to the next level.