This repository contains the solution and documentation for the DOM XSS Exploitation using Web Messages project. The objective is to exploit a DOM-based Cross-Site Scripting (XSS) vulnerability using web messages to trigger a specific function (`print()`) on a target site.

The project demonstrates a DOM XSS vulnerability in a web application that listens for web messages. Because incoming message data is inserted into the page without sanitization, an attacker can craft messages whose content is executed, leading to the execution of arbitrary JavaScript functions.
- Understanding the Vulnerability: Analyze how web messages are handled unsafely in the target web application.
- Crafting Exploits: Generate malicious payloads to exploit DOM-based XSS vulnerabilities.
- Automated Exploit Delivery: Use an iframe and the exploit server to deliver malicious messages seamlessly.
- Detailed Explanation: Comprehensive insights into the working of the exploit and how it leverages the vulnerability.
1. Understand the Vulnerability
   - The homepage listens for web messages using the `addEventListener()` function.
   - Incoming messages are inserted into a `<div>` with the ID `ads` without sanitization, enabling a DOM XSS vulnerability.
2. Craft the Exploit
   - Create an iframe with a payload containing an invalid `<img>` tag.
   - Use the `onerror` attribute to execute the `print()` function.
3. Set Up the Exploit Server
   - Use the exploit server to host the malicious iframe and payload.
4. Deliver the Exploit
   - Save and deliver the exploit to the victim using the exploit server.
5. Monitor the Result
   - Verify that the `print()` function is successfully executed, confirming the lab solution.
```html
<iframe src="https://0af20055030da45b81a4941e009900be.web-security-academy.net/"
onload="this.contentWindow.postMessage('<img src=1 onerror=print()>', '*')"></iframe>
```
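As an added example, not code from this repository or the lab, the message handler described in step 1 is shown beside a hardened version that checks `event.origin` and writes the message with `textContent` instead of `innerHTML`; `TRUSTED_ORIGIN` and the `fakeElement` stand-in are assumptions for this illustration so the logic runs outside a browser.

```javascript
// Added example (not the lab's or the repository's own code): the unsafe
// message handler the lab describes, beside a hardened version. Elements
// and origins are passed in as parameters so the logic runs without a DOM.

// Vulnerable pattern from the lab: whatever arrives in event.data is
// written into the #ads div as HTML, and no origin check is performed.
// An "<img src=1 onerror=...>" string is therefore parsed and its handler runs.
function unsafeAdsHandler(event, adsDiv) {
  adsDiv.innerHTML = event.data;
  return true; // every message is accepted, whoever sent it
}

// Assumed origin of the legitimate ad service; not a value from the lab.
const TRUSTED_ORIGIN = 'https://ads.example';

// Hardened handler: accept only string messages from the expected origin,
// and insert them as a text node so markup is never parsed.
function safeAdsHandler(event, adsDiv, trustedOrigin = TRUSTED_ORIGIN) {
  if (event.origin !== trustedOrigin) {
    return false; // message from an unexpected window: ignore it
  }
  if (typeof event.data !== 'string') {
    return false; // only plain strings are expected here
  }
  adsDiv.textContent = event.data; // shown literally, not rendered as HTML
  return true;
}

// Minimal stand-in for a DOM element so the handlers can be exercised
// outside a browser (constructed for this example).
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// In a real page the hardened handler would be registered as:
// window.addEventListener('message', (e) =>
//   safeAdsHandler(e, document.getElementById('ads')));
```

With the hardened handler, the lab payload arrives as inert text in the `ads` div and `print()` never runs, even when it is sent from the trusted origin.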
- Vulnerability Type: DOM-based Cross-Site Scripting (XSS)
- Method Used: Web messaging with iframe payloads
- Outcome: Successful execution of the print() function through a crafted payload
- Basic understanding of web vulnerabilities and DOM-based XSS
- Access to the exploit server provided in the lab environment
This project is intended for educational and ethical purposes only. The methods and techniques demonstrated here should only be used in controlled environments where explicit permission has been granted.
Unauthorized testing, exploitation, or use of these techniques on real-world systems without proper authorization is illegal and unethical. The authors and contributors of this repository are not responsible for any misuse or damage caused by the information provided here.
By using this repository, you agree to adhere to all relevant laws and regulations and to practice responsible and ethical cybersecurity.