XSS in script context

Charlie Choi's Avatar

Charlie Choi

18 Mar, 2018 08:55 AM

I found out the some various Javascripts injected by Arachni,
But I don't understand, how did it inject those JS into body cause there are no tainted input except search form.
I thought, it just stored the whole body content in response to crawled requests, and just appended that JS to the body content.
So I guessed attack payload only was real injected pattern by Arachni.

Attack payload :

Body :

tml xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="http://javascript.browser.arachni/polyfills.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->

.. omitting..

  1. Support Staff 1 Posted by Tasos Laskos on 19 Mar, 2018 09:15 AM

    Tasos Laskos's Avatar

    These have nothing to do with XSS, it's the browser env that is being loaded.
    It's of no concern.

  2. Tasos Laskos closed this discussion on 19 Mar, 2018 09:15 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac