
In my computer science class, my professor provided the following example...

Normally, a user would provide a link by typing the following in chatroom...

[Example Website](https://example.com)

And receive an output of...

Example Website

(highlighted in blue and clickable)

However, if the input was modified to...

_[Example_Website](https://example.com)_

Then the output would be...

Example</em><span class="copyonly">_</span>Website_

(with the blue clickable link ending after the e in website, but before the last _)

My task was to attempt to figure out a way to exploit this, but I'm quite lost on how to do so. I've attempted to add in more as follows...

_[Example_Website](https://example.com/>"><script>alert("XSS")</script>&)_

Which resulted in...

Example</em><span class="copyonly">_</span>Website</script>&)_ 

(blue clickable link now ending after the e in Website)

I noticed some of my code disappeared; does that mean it was executed on the remote server? Is there any other simple test that should be used against this to find out if it's exploitable?

TrevorKS

1 Answer


So the answer to this is that there is no exact right answer unless someone here has exploited the same exact issue in an almost exactly similar way before. Unless there are absolutely no protections against XSS on the site, then it’s usually a bit of a cat and mouse game between the server admin and the attacker (you). The server admin will attempt to thwart your attacks using methods such as HTTP headers set on the web server, Content Security Policy (CSP), escaping user input, validating user input, sanitizing user input, and many more.

In this case, it appears there are certain protections in place, so you need to learn how the code is working to be able to properly attack it. I would recommend looking at source code, using a proxy such as Burp Suite, looking at HTTP headers, and doing a bit of googling.

Since I’m lacking the surrounding information in this case, I’m unable to tell you exactly how to leverage the site with XSS.

But in addition, any of the edits you are making are not being processed on the server. XSS is a client-side attack that is loaded and executed in the browser; in the case of persistent XSS the payload is merely stored on the server and served to clients.

SuperAdmin
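As an added illustration of the escaping the answer mentions (example code written for this page, not the chatroom's renderer or the answerer's code), here is a minimal Markdown link renderer that HTML-escapes both the link text and the href and only allow-lists http/https URLs, run over the three inputs from the question. The `_` emphasis handling is left out, and the renderer and its function names are assumptions.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample input: the three chat messages from the question above.
SAMPLE_MESSAGES = [
    "[Example Website](https://example.com)",
    "_[Example_Website](https://example.com)_",
    '_[Example_Website](https://example.com/>"><script>alert("XSS")</script>&)_',
]

# Markdown link: [text](url); the url stops at the first ')' or whitespace.
LINK_RE = re.compile(r"\[([^\]]*)\]\(([^)\s]*)\)")
SAFE_SCHEMES = {"http", "https"}


def safe_href(url: str) -> Optional[str]:
    """Return the URL if its scheme is allow-listed, otherwise None."""
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in SAFE_SCHEMES else None


def render_link(match: "re.Match") -> str:
    """Render one matched link as an <a> element with escaped attribute and text."""
    text, url = match.group(1), match.group(2)
    href = safe_href(url)
    if href is None:
        # Disallowed scheme: show the markdown as inert text instead of a link.
        return html.escape(match.group(0))
    # quote=True also escapes " and ', so the href value cannot close its own
    # attribute or the tag, which is exactly what the question's payload tries.
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(text)}</a>'


def render_message(markdown: str) -> str:
    """Escape all plain text and substitute safely rendered links."""
    out, pos = [], 0
    for m in LINK_RE.finditer(markdown):
        out.append(html.escape(markdown[pos:m.start()]))  # text between links
        out.append(render_link(m))
        pos = m.end()
    out.append(html.escape(markdown[pos:]))  # trailing text after the last link
    return "".join(out)


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(render_message(msg))
```

Running it shows the third message leaves the browser with a single `<a>` whose href contains only entity-encoded characters, while the `</script>&)_` remainder is emitted as escaped text, mirroring the truncated output the question observed.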