XSS in script context
Hi,
I found various JavaScript files injected by Arachni,
but I don't understand how it injected that JS into the body, because there is no tainted input except the search form.
I thought it just stored the whole body content in response to crawled requests, and just appended that JS to the body content.
So I guessed that only the attack payload was the real pattern injected by Arachni.
Attack payload :
http://demo.testfire.net/search.aspx?txtSearch=%3C/script%3E%3Cscri...
Body :
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="http://javascript.browser.arachni/polyfills.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
.. omitting..
Support Staff 1 Posted by Tasos Laskos on 19 Mar, 2018 09:15 AM
These have nothing to do with XSS; it's the browser env that is being loaded.
It's of no concern.
Tasos Laskos closed this discussion on 19 Mar, 2018 09:15 AM.
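
For triaging a finding like the one in this thread, the following added example (not part of the original discussion and not Arachni's own code) strips the browser-environment scripts out of a recorded body and then checks whether a query parameter's decoded value is reflected verbatim in what remains. Only the `javascript.browser.arachni` host, the marker comment and the `txtSearch` parameter come from the post; the URL host, the marker value and both sample bodies are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ARACHNI_JS_HOST = "javascript.browser.arachni"  # host of the injected scripts in the post
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
MARKER = re.compile(r"\s*<!--\s*Injected by Arachni::Browser::Javascript\s*-->")

def split_instrumentation(body):
    """Return (scanner_script_urls, body with those scripts and markers removed)."""
    found = []
    def drop(match):
        tag = match.group(0)
        src = SRC_ATTR.search(tag[:tag.index(">") + 1])  # look at the opening tag only
        if src and urlsplit(src.group(1)).hostname == ARACHNI_JS_HOST:
            found.append(src.group(1))
            return ""
        return tag  # the application's own script: keep it
    cleaned = SCRIPT_TAG.sub(drop, body)
    return found, MARKER.sub("", cleaned)

def reflected_params(url, body):
    """Names of query parameters whose decoded value appears unencoded in the page."""
    _, cleaned = split_instrumentation(body)
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(n for n, vals in params.items()
                  if any(v and v in cleaned for v in vals))

# Constructed sample data (not taken from the scan in the post).
SAMPLE_URL = ("http://app.example.test/search.aspx"
              "?txtSearch=%3Ci%3Econstructed-marker%3C%2Fi%3E")
SAMPLE_BODY = (
    '<html><head><script src="http://javascript.browser.arachni/polyfills.js"></script>'
    ' <!-- Injected by Arachni::Browser::Javascript -->\n'
    '<script src="http://javascript.browser.arachni/taint_tracer.js"></script>'
    ' <!-- Injected by Arachni::Browser::Javascript -->\n'
    '<script src="/static/app.js"></script></head>\n'
    '<body><script>var q = "<i>constructed-marker</i>";</script></body></html>'
)
ENCODED_BODY = SAMPLE_BODY.replace("<i>constructed-marker</i>",
                                   "&lt;i&gt;constructed-marker&lt;/i&gt;")

if __name__ == "__main__":
    scripts, _ = split_instrumentation(SAMPLE_BODY)
    print("scanner scripts:", scripts)
    print("reflected unencoded:", reflected_params(SAMPLE_URL, SAMPLE_BODY))
    print("reflected when encoded:", reflected_params(SAMPLE_URL, ENCODED_BODY))
```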