# XSS

## XSS Explained

Cross-site scripting, also known as XSS is a security vulnerability typically found in web applications. It’s a type of injection which can allow an attacker to execute malicious scripts and have it execute on a victim’s machine.\
A web application is vulnerable to XSS if it uses unsanitized user input. XSS is possible in Javascript, VBScript, Flash and CSS. There are three main types of cross-site scripting:

1. Stored/Persistent XSS - the most dangerous type of XSS. This is where a malicious string originates from the website’s database. This often happens when a website allows user input that is not sanitised (remove the "bad parts" of a users input) when inserted into the database.
2. Reflected XSS - the malicious payload is part of the victims request to the website. The website includes this payload in response back to the user. To summarise, an attacker needs to trick a victim into clicking a URL to execute their malicious payload.
3. DOM-Based XSS - DOM stands for Document Object Model and is a programming interface for HTML and XML documents. It represents the page so that programs can change the document structure, style and content. A web page is a document and this document can be either displayed in the browser window or as the HTML source.

XSS Payloads

Remember, cross-site scripting is a vulnerability that can be exploited to execute malicious Javascript on a victim’s machine. Check out some common payloads types used:

* Popup's (\<script>alert(“Hello World”)\</script>) - Creates a Hello World message popup on a users browser.
* Writing HTML (document.write) - Override the website's HTML to add your own (essentially defacing the entire page).
* XSS Keylogger (<http://www.xss-payloads.com/payloads/scripts/simplekeylogger.js.html>) - You can log all keystrokes of a user, capturing their password and other sensitive information they type into the webpage.
* Port scanning (<http://www.xss-payloads.com/payloads/scripts/portscanapi.js.html>) - A mini local port scanner (more information on this is covered in the TryHackMe XSS room).

XSS-Payloads.com is a website that has XSS related Payloads, Tools, Documentation and more. You can download XSS payloads that take snapshots from a webcam or even get a more capable port and network scanner.

{% embed url="<http://www.xss-payloads.com>" %}

```
IP address:
<script>alert(window.location.hostname)</script>

Cookies:
<script>alert(document.cookie)</script>

Change elements on the page:
<script>document.querySelector('#thm-title').textContent = 'I am a hacker'</script>
```

{% embed url="<https://owasp.org/www-community/xss-filter-evasion-cheatsheet>" %}
GOLD
{% endembed %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.zacheller.dev/web-app-pentest/xss.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.