Ethical Hacking and Penetration Testing Guide
POC
https://paypal-globaled.com/partners/intro_partner_program/player/attach.html?javascript:alert(0);
Example 4
The document.referrer property is another common place to look for DOM XSS vulnerabilities; it returns the location of the page that linked to the current page.
A security researcher named David Sopas found an issue in an Eloqua script, where the document.referrer value was passed to document.write without any prior escaping. The vulnerable code was as follows:
Vulnerable code
As we can see from the first line, the variable “elqRef2” is set to document.referrer, and it is then passed to document.write (the sink) in the seventh line.
The proof of concept that was generated by the researcher was as follows:
POC
www.dowjones.com/?">
XSS
This would result in an HTML injection. You can place your JavaScript code after the question mark (“?”) to exploit the document.referrer property.
www.dowjones.com/?">


The document.referrer is currently exploitable only in Internet Explorer, because in browsers 
like Firefox, Chrome, and Safari, user input passed after the “?” is returned encoded.
Example 5
The document.cookie property is another very common source of DOM XSS; however, its exploitation is less straightforward, because in order to exploit it you need the ability to manipulate the cookies. Since you can only manipulate your own cookies, you can only XSS yourself, which is otherwise known as a “SELF-XSS.” The goal of an XSS is to execute the JavaScript in the victim’s browser, and to do that we need to find another subdomain vulnerable to XSS.
Let’s take a look at an example of a DOM-based XSS vulnerability found by one of my friends, Prakhar Prasad from India. The vulnerability was in a popular Indian website called “rediff.com.” The source was document.cookie, and the execution sink was innerHTML. Let’s take a look at the vulnerable code.
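The vulnerable rediff.com code is not reproduced here, so the following is an added example (not the book’s, Eloqua’s or rediff.com’s code) that models both source-to-sink pairs discussed in Examples 4 and 5, document.referrer into document.write and document.cookie into innerHTML, as plain functions that return the HTML a page would hand to the sink. The sample referrer, cookie string, and tracker hostname are constructed for the example.

```javascript
// Added example (not the book's, Eloqua's or rediff.com's code): the source-to-sink
// pairs document.referrer -> document.write and document.cookie -> innerHTML, modelled
// as plain functions returning the HTML a page would hand to the sink (runs in Node).
// Constructed sample values: a referrer and a cookie string carrying markup.
const SAMPLE_REFERRER = 'http://www.example.test/?"><h1>XSS</h1>';
const SAMPLE_COOKIE = 'uid=42; theme="><h1>XSS</h1>';

// Vulnerable pattern: the referrer is concatenated straight into markup, so a
// quote or angle bracket in it closes the attribute and becomes live HTML.
function trackingImgVulnerable(referrer) {
  return '<img src="https://tracker.example.test/pixel?ref=' + referrer + '">';
}

// Hardened form: encode for the context the value lands in (a URL query
// parameter); every character that could end the attribute is removed.
function trackingImgSafe(referrer) {
  return '<img src="https://tracker.example.test/pixel?ref=' +
    encodeURIComponent(referrer) + '">';
}

// HTML entity escaping for text and attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Pulls one value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  const pair = cookieString.split(/;\s*/).find(kv => kv.startsWith(name + '='));
  return pair ? pair.slice(name.length + 1) : '';
}

// Vulnerable and hardened versions of the innerHTML sink.
function greetingVulnerable(cookieString) {
  return '<span class="theme">' + readCookie(cookieString, 'theme') + '</span>';
}
function greetingSafe(cookieString) {
  return '<span class="theme">' + escapeHtml(readCookie(cookieString, 'theme')) + '</span>';
}

// What a current browser exposes as document.referrer for that URL: the WHATWG URL
// parser percent-encodes quotes and angle brackets in the query (the encoding noted above).
function referrerAsModernBrowser(url) {
  return new URL(url).href;
}
// Review check: does the output still contain a tag the tainted input introduced?
function containsInjectedTag(html, taintedInput) {
  return (taintedInput.match(/<[a-z][^>]*>/gi) || []).some(t => html.includes(t));
}
```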