XSS vulnerable website
#1
Link: http://ueb.ac.in/return_query.php?msg=
Example

The vulnerability seen in this website is a reflected XSS vulnerability. What does reflected XSS mean? According to OWASP, reflected XSS has the following definition:

Code:
Reflected Cross-site Scripting (XSS) occurs when an attacker injects browser executable code within a single HTTP response. The injected attack is not stored within the application itself; it is non-persistent and only impacts users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.

Or in layman's terms: when you enter a script into the URL and the page executes it.


How can this be used?

99% of corporate networks do not deny access to anything that has "Education" in its name, context, or content. This means that this site can be used as a dropper for single HTTP requests, for example (just an example):

You can craft an email to the network users (phishing) and have them follow the link to do what you asked them to. Once there you can have a script taking them to your dropper (as shown above) and drop into the network. This can cause devastating issues for multiple individuals.
Reply
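To make the reflection in post #1 concrete from the defender's side, here is an added example that is not part of this thread and not the site's code. It assumes a page template standing in for a script like return_query.php that puts the msg parameter into an HTML text context, shows the same page with HTML-entity encoding applied, and scans constructed web-server log lines (assumed combined-log format, documentation-range IPs) for script markup in the msg parameter.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed page template: stands in for a PHP page such as return_query.php that
# places the msg parameter into an HTML text context. Not the site's real code.
PAGE_TEMPLATE = "<html><body><p>{msg}</p></body></html>"


def render_vulnerable(msg: str) -> str:
    """Reflect the parameter into the page untouched (the reflected XSS pattern)."""
    return PAGE_TEMPLATE.format(msg=msg)


def render_hardened(msg: str) -> str:
    """Same page, with the parameter HTML-entity encoded for a text context.

    html.escape turns < > & " ' into entities, so browser-executable markup
    supplied in the URL is displayed as text instead of being parsed.
    """
    return PAGE_TEMPLATE.format(msg=html.escape(msg, quote=True))


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def reflects_script_tag(response_body: str) -> bool:
    """True if a rendered response still contains a raw <script> tag."""
    return SCRIPT_TAG.search(response_body) is not None


# Detection side: combined-log style lines (assumed format). The sample lines
# are constructed for this example, with documentation-range IPs, not real traffic.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+$'
)
MARKUP_IN_PARAM = re.compile(r"<\s*/?\s*script\b|javascript:", re.IGNORECASE)

SAMPLE_LOG = [
    '203.0.113.5 - - [28/Feb/2018:11:20:00 +0000] "GET /return_query.php?msg=hello+world HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Feb/2018:11:21:30 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [28/Feb/2018:11:22:05 +0000] "GET /return_query.php?msg=%3Cscript%3Ealert(%27test%27)%3B%3C%2Fscript%3E HTTP/1.1" 200 540',
]


def flag_reflected_xss_attempts(log_lines, param="msg"):
    """Return (ip, decoded value) for requests whose `param` carries script markup.

    parse_qs percent-decodes the query string, so encoded values are inspected
    in the same decoded form the vulnerable page would reflect.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["path"]).query)
        for value in query.get(param, []):
            if MARKUP_IN_PARAM.search(value):
                hits.append((m["ip"], value))
    return hits


if __name__ == "__main__":
    payload = "<script>alert('test');</script>"
    print(render_vulnerable(payload))
    print(render_hardened(payload))
    print(flag_reflected_xss_attempts(SAMPLE_LOG))
```

The fix is the single html.escape call: the encoding has to match the context the value lands in (HTML text here), which is why a generic "filter" like the one post #5 mentions tends to be incomplete. The log check is deliberately narrow (script tags and javascript: URLs in one parameter) so it can be run over access logs without many false positives; widen the pattern only with care.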
#2
(02-27-2018, 11:20 PM)ekultek Wrote: Decided that I'd dump a vulnerable website I found. Have fun and you didn't get http://ueb.ac.in/ also don't forget to place a query.

Is there a sole point to this thread? Could you elaborate more on what it is? I'm presuming somewhere on ueb there's a reflected XSS vulnerability?
Reply
#3
"Don't forget to place a query"

If you don't know what that means after going to the website I can't help you
Reply
#4
(02-28-2018, 12:04 PM)ekultek Wrote: "Don't forget to place a query"

If you don't know what that means after going to the website I can't help you

In my opinion, this thread has little to no substance at all. Just posting a link with nothing added, that is low quality and I expected more from you.

This isn't a secret club or anything, you can't just post a link and expect everyone to just "get" it. If you want to do some good, why don't you explain more about this vulnerability? Make a PoC or write-up on your exploitation so that others can learn too?
Reply
#5
(02-28-2018, 12:04 PM)ekultek Wrote: "Don't forget to place a query"

If you don't know what that means after going to the website I can't help you

He asked you to be more clear about your pointless thread. He probably knows what he's talking about, but like me, probably can't be assed to care about "A Minority Educational Institution" in India that doesn't even use HTTPS. Real impressive find you got here, it's almost like you found it a few pages into playing with Google Dorks.

Looks like reflective XSS with basic filtering put in place.

Try being more helpful next time.
Reply
#6
Edited, hope it's up to your standards.
Reply
#7
(02-28-2018, 06:50 PM)ekultek Wrote: Edited, hope it's up to your standards.

Just know, I'm not forcing you to edit anything. I'm just pointing out what I think. If you disagree, I'm fine with that. Haha, definition of XSS? Went over the top there, don't ya think? The first two lines would've been fine with me: the query and example. Just letting you know.

I'm sorry to be giving you a maybe snobby and bad first impression of our forum. But we all hold deep pride over our quality; it's a part of our image that makes us different and better than most other average forums. And it helps drive people in here who are genuinely looking to educate themselves and teach others.

I hope you understand where I'm coming from.

On topic: Now this is by all means a nice find. Would be cool to see if you can combine other exploitation methods together to gain access. I had a very knowledgeable friend a long time ago, still my friend but not around. But he used to try to exploit SQLi and XSS together at the same time.

To be honest, I don't really know much about this. You probably know more on it than me. But I'll explore and play around. Cool share dude.
Reply
#8
(02-28-2018, 06:03 PM)Cypher Wrote:
(02-28-2018, 12:04 PM)ekultek Wrote: "Don't forget to place a query"

If you don't know what that means after going to the website I can't help you

He asked you to be more clear about your pointless thread. He probably knows what he's talking about, but like me, probably can't be assed to care about "A Minority Educational Institution" in India that doesn't even use HTTPS. Real impressive find you got here, it's almost like you found it a few pages into playing with Google Dorks.

Looks like reflective XSS with basic filtering put in place.

Try being more helpful next time.

Cypher pretty much said it.

I personally find looking for XSS vulns on little known sites bland and a waste of time, I could go ahead a google dork 100+ *.gov sites for reflective XSS Vulnerabilities and post them on here. But in actual fact there's no point, not only does Chrome completely mitigate your payload it's on a site which nobody knows about.

That's just my 2 cents. 
 
Reply
#9
(02-28-2018, 07:55 PM)sock Wrote: Cypher pretty much said it.

I personally find looking for XSS vulns on little known sites bland and a waste of time, I could go ahead a google dork 100+ *.gov sites for reflective XSS Vulnerabilities and post them on here. But in actual fact there's no point, not only does Chrome completely mitigate your payload it's on a site which nobody knows about.

That's just my 2 cents. 
 
Before I state this, I'm not trying to be a dick;

1. 99% of corporate networks do not allow the use of Chrome. Prime examples: Department of Labor, NSA, Equifax. The reason behind this is that Chrome is exploitable in more than one way, and is not open sourced, so once an exploit is gathered, it takes longer for the devs to fix it than an open source project that has thousands of devs on it. Most corporate networks use Firefox or IE.
2. You can bypass Chrome's XSS filter using Unicode and Base64
3. You shouldn't be using Chrome to do any sort of testing if you don't want to wind up in prison

(02-28-2018, 07:31 PM)Insider Wrote: Just know, I'm not forcing you to edit anything. I'm just pointing out what I think. If you disagree, I'm fine with that. Haha, definition of XSS? Went over the top there, don't ya think? The first two lines would've been fine with me: the query and example. Just letting you know.

I'm sorry to be giving you a maybe snobby and bad first impression of our forum. But we all hold deep pride over our quality; it's a part of our image that makes us different and better than most other average forums. And it helps drive people in here who are genuinely looking to educate themselves and teach others.

I hope you understand where I'm coming from.

On topic: Now this is by all means a nice find. Would be cool to see if you can combine other exploitation methods together to gain access. I had a very knowledgeable friend a long time ago, still my friend but not around. But he used to try to exploit SQLi and XSS together at the same time.

To be honest, I don't really know much about this. You probably know more on it than me. But I'll explore and play around. Cool share dude.

No, I get it. It's all good. Something cool that you can try is embedding the XSS into XML or JSON format, i.e.:

JSON:
Code:
{
   "something": [
     "<script>",
     "alert('test');",
     "</script>"
    ]
}

XML:
Code:
<somekey id="<script>">alert('test');</script></somekey>
Reply
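Post #9's JSON and XML snippets only bite when the data is later written into a page without context-appropriate encoding, so here is an added example (mine, not from this thread) of the defensive side: inlining that JSON into an HTML script block with json.dumps alone versus with &, < and > escaped as JSON \u sequences, and building the XML element with attribute and text escaping from the standard library. The sample object is constructed to match the post's JSON; the script-block pattern and the xml_element helper are assumptions for the demonstration.

```python
import json
from xml.sax.saxutils import escape, quoteattr

# Constructed sample shaped like the JSON in the post: the values carry script
# markup, which is harmless as JSON data but not once the JSON is pasted into
# an HTML page as-is.
SAMPLE = {"something": ["<script>", "alert('test');", "</script>"]}


def json_for_html_script(obj) -> str:
    """json.dumps plus escaping of & < > as \\uXXXX sequences.

    The result is still valid JSON (these are ordinary JSON string escapes),
    but the HTML parser no longer sees a </script> sequence inside the block.
    """
    raw = json.dumps(obj)
    return raw.replace("&", "\\u0026").replace("<", "\\u003c").replace(">", "\\u003e")


def round_trips(obj) -> bool:
    """Check that the escaped form still decodes to the original object."""
    return json.loads(json_for_html_script(obj)) == obj


def embed_vulnerable(obj) -> str:
    """Inline JSON into a script block using json.dumps only (assumed vulnerable pattern)."""
    return "<script>var data = " + json.dumps(obj) + ";</script>"


def embed_hardened(obj) -> str:
    """Same page, with the script-context escaping applied."""
    return "<script>var data = " + json_for_html_script(obj) + ";</script>"


def script_block_breaks_out(page: str) -> bool:
    """True if the page holds more than the one legitimate closing tag,
    i.e. data inside the block terminated it early."""
    return page.lower().count("</script") > 1


def xml_element(tag: str, element_id: str, text: str) -> str:
    """Build <tag id="...">text</tag> with attribute and text escaping.

    quoteattr wraps and escapes the attribute value; escape handles the
    element text. Neither context is left to raw string concatenation,
    which is what lets the id="<script>" trick in the post work.
    """
    return f"<{tag} id={quoteattr(element_id)}>{escape(text)}</{tag}>"


if __name__ == "__main__":
    print(embed_vulnerable(SAMPLE))
    print(embed_hardened(SAMPLE))
    print(xml_element("somekey", "<script>", "alert('test');</script>"))
```

The point the two encoders make is the same one as for the reflected page itself: JSON being "valid" and XML being "well-formed" says nothing about whether the surrounding HTML or XML parser will treat the data as markup, so the escaping has to be chosen per output context (script block, attribute, element text), not once at the input.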
#10
I've recently been wanting to learn about XSS. But where do I need to go to learn it?
Reply