HellBound Hackers | Computer General | Hacking in general

Author

Little bit confused on XSS

pawnflow
Member

Posts: 10
Location:
Joined: 11.01.17
Rank:
Wiseman
Posted on 03-03-17 00:36
So recently I've been playing Google's XSS App Game. On one of the levels, you have to run an alert using an image on the website. For example you use inspect element to turn <img src="meme.jpg"> into <img src="gibberish" onerror="javascript:alert('123');"> which runs an alert that says 123.

I'm confused, how is this really XSS?

Link: https://xss-game.appspot.com/

Edited by pawnflow on 03-03-17 00:37
Author

RE: Little bit confused on XSS

MingBomb
Member

Posts: 3
Location:
Joined: 25.09.15
Rank:
Hacker Level 1
Posted on 03-03-17 09:11
On its own it's not particularly dangerous, but you could use it for CSRF, or to call external js, and then it would become more of an issue.
Author

RE: Little bit confused on XSS

Huitzilopochtli
Member



Posts: 1495
Location:
Joined: 19.02.13
Rank:
God
Posted on 04-03-17 01:57
There's a thread about it on stackexchange here: http://security.s. . .src-xss-do
It's also a perfect vector for CSRF, and could be used to do almost anything, if the site in question hasn't protected everything dangerous with tokens. Plus with CSRF it's all done silently in the background so the victim would be none the wiser.
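
As an added illustration (not part of any post in this thread): an inspect-element edit only changes the copy of the page in your own browser, while the same `onerror` markup becomes XSS when the page itself builds the tag from untrusted input without escaping. The function names and sample inputs below are constructed for this example.

```javascript
// Added example, not code from the thread or from the XSS game.
// All names and inputs here are constructed for illustration.

// Escape the characters that matter in HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: untrusted input is concatenated straight into markup,
// so a double quote in the input ends the src value and starts a new attribute.
function renderImgUnsafe(file) {
  return '<img src="' + file + '">';
}

// Hardened: the input is escaped, so it can only ever be the src value.
function renderImgSafe(file) {
  return '<img src="' + escapeHtml(file) + '">';
}

// Minimal attribute lister for a single tag, used only to inspect the output.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<\w+\s*/, '').replace(/>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True if the rendered tag carries any inline event handler (on*) attribute.
function hasEventHandler(tagHtml) {
  return attributeNames(tagHtml).some((n) => n.startsWith('on'));
}

const benign = 'meme.jpg';
// Constructed input with the same shape as the markup in the first post.
const hostile = 'gibberish" onerror="alert(\'123\')';

for (const render of [renderImgUnsafe, renderImgSafe]) {
  const html = render(hostile);
  console.log(render.name, '->', html, '| event handler:', hasEventHandler(html));
}
```

In a real page, setting `img.src` through the DOM API instead of assembling HTML strings avoids the attribute breakout altogether.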