Cross-Site Scripting (XSS)

The provided code in the lab is vulnerable to a Cross-Site Scripting (XSS) attack. The index.php file directly echoes the name parameter from the URL without any sanitization, making it susceptible to XSS.

1.Create the Bash Script: Create a file named xss.sh and add the provided Bash script to it.

#!/bin/bash

echo $1 > _tmp/strip

php -S 127.0.0.1:8080 -t xss &

open 'http://127.0.0.1:8080/?name=<script>alert(1);</script>'

wait

echo $1 > _tmp/strip: Takes the first argument passed to the script ($1) and writes it to a file named _tmp/strip.
php -S 127.0.0.1:8080 -t xss &: Starts a PHP built-in server on 127.0.0.1 (localhost) at port 8080, serving files from the xss directory. The & at the end runs the server in the background.
open 'http://127.0.0.1:8080/?name=<script>alert(1);</script>': Opens the specified URL in the default web browser. The URL includes the XSS payload (<script>alert(1);</script>) in the name parameter.
wait: Waits for all background jobs to finish before terminating the script. This ensures that the PHP server continues running until the script is manually stopped or all background processes are completed.

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x xss.sh

The JavaScript code alert(1); triggers an alert box in the browser with the message 1.
The appearance of this alert box confirms that the XSS payload has been successfully executed, demonstrating the XSS vulnerability.

Last updated 1 year ago