Make an XSS Payload to Read document.body from a Vulnerable Website

Instructor: Mike Sherov
Published 4 years ago
Updated 3 years ago

In this lesson, we'll learn how to exploit an XSS vulnerability to read the contents of the page body from a vulnerable site, capturing whatever sensitive information is on the page and sending it back to our attacker website for further exploitation. This shows that XSS itself must be completely stopped, rather than stopping one specific consequence of it, such as the cookie theft via XSS we addressed in the previous lesson.

Instructor: [0:00] We stopped our attacker from stealing the session cookie, but we haven't mitigated XSS in general. This is the important point. In the previous lesson, we stopped a specific type of XSS attack, but left another door wide open.

[0:15] If we look at our site, we can see that it also displays a bunch of information when logged in. It displays the username and it displays their social security number. Our attacker can swap out document.cookie for document.body.innerText, which will print the entire text of the web page.

[0:32] If we save our payload, paste it into the form and hit submit, we can see that the request has gone out to our payload endpoint, which contains the user's social security number. This proves that it wasn't document.cookie that was our problem. Although fixing that was important, truly, XSS is the thing we must mitigate.
