XSS-Attack (Cross site scripting)

pop-up XSS using open redirect

Cross-Site Scripting (XSS) attacks inject malicious scripts into trusted websites in order to target their users. Because the site is trusted, the user ignores the threat and visits the link. An attacker can get access to user cookies, hook browsers, redirect users to malicious websites and perform many other attacks.

How I popped up XSS using open redirection:

I was searching for vulnerabilities on a private website. I found a parameter, something like `site.com/?url=http://site.com/home.php`. I was shocked when I changed the parameter to `site.com/?url=http://google.com` and it redirected to google.com. After this I got the idea to convert the open redirection into a pop-up XSS (Cross-Site Scripting). I changed the parameter to `site.com/?url=http://javascript:alert('test');`, and again I was shocked: it redirected to XSS.

XSS pop-up
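
A server- or client-side check that would stop both the redirect to google.com and the `javascript:` payload described above, as an added example that is not part of the original write-up. The allow-list, the fallback path and the function name `safeRedirectTarget` are assumptions for illustration.

```javascript
// Added example: validate a redirect parameter such as ?url=... before using it.
// ALLOWED_HOSTS, FALLBACK and safeRedirectTarget are hypothetical names.
const ALLOWED_HOSTS = new Set(["site.com", "www.site.com"]);
const FALLBACK = "/";

function safeRedirectTarget(raw, base = "https://site.com/") {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  let target;
  try {
    // Parse with the same URL rules a browser applies, so "//host",
    // backslashes and scheme tricks are normalised before any check.
    target = new URL(raw, base);
  } catch {
    return FALLBACK; // unparseable input, e.g. a non-numeric port
  }
  // Only web schemes may be redirect targets: rejects javascript:, data:, ...
  if (target.protocol !== "http:" && target.protocol !== "https:") return FALLBACK;
  // Credentials (user@host) are a common way to disguise the real host.
  if (target.username || target.password) return FALLBACK;
  // Exact host match only; substring or suffix matching is bypassable.
  if (!ALLOWED_HOSTS.has(target.hostname)) return FALLBACK;
  return target.href;
}

// Constructed sample inputs, modelled on the parameter values in the write-up.
const samples = [
  "http://site.com/home.php",
  "http://google.com",
  "http://javascript:alert('test');",
  "javascript:alert('test')",
  "//google.com",
  "http://site.com@google.com/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Only the first sample is passed through; every other value falls back to `/`, so the value handed to the `Location` header or to `window.location` is always an http(s) URL on an allow-listed host.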

I hope you like this write-up; stay tuned for more. Also join our forum: https://forum.sprotechs.com.

Salman Arif
Salman Arif Khan is the Founder of Sprotechs InfoSec. He's a bug hunter, cybersecurity researcher, penetration tester and developer for the Sprotechs team.
https://sprotechs.com/