XSS-Attack (Cross site scripting)

pop-up XSS using open redirect

Cross-Site Scripting attacks are mostly used to inject malicious scripts to infect users, in short, we can also say it XSS. The attacker injects it in trusted websites, so the user ignores threats and visits the link. An attacker can get access to user cookies, hook browsers, redirect users to malicious websites and perform many attacks.

How I pop-up XSS using Open redirection:

I was searching for vulnerabilities on a private website. I found a parameter something like site.com/?url=http://site.com/home.php. I was shocked when I changed the parameter to site.com/?url=http://google.com, it redirected to google.com. After this I got an idea to convert Open redirection to pop-up XSS (Cross Site Scripting). I changed the parameter to site.com/?url=http://javascript:alert(‘test’);, and again I was shocked I redirected it to XSS.

XSS pop-up
XSS pop-up

I hope you like this write-up, stay tuned for more. Also join our forum too. https://forum.sprotechs.com.

Leave a Comment

Your email address will not be published. Required fields are marked *