Upgrading XSS Hunter with A Basic Reverse JavaScript Shell

Before you start reading this article, please keep in mind that this is a very basic reverse shell, and still needs a lot of work to get the most out of it. A few of the limitations are:

  • Errors can occur if the payload is active on multiple pages. The payload is executed on every page where it fires, but those pages can be distinct from each other, and when they all send back their responses, only one of them is saved by the interface.
  • The reverse shell interface is designed to be hosted on a web server, which means that anyone can find it if you don’t put proper authorization in place. That also means an adversary can find it and use it with bad intentions.

Recently I found my first blind XSS, and I quickly noticed that it’s hard to figure out what is possible with a blind XSS and what impact it can have. To figure this out, I tried several payloads, but I felt the need to execute payloads in real time. Because of that, I came up with the idea of making a reverse shell that I can use as soon as I receive an email from XSS Hunter notifying me that the XSS has been triggered. The only problem is that the reverse shell only works while the victim stays on the vulnerable page. Once they navigate to another page or close the page, the connection is lost.

This reverse shell isn’t the best solution, but it’s helpful for beginners to experiment with it. And it was a fun little project for me to make.

To start the project, I opened up Notepad and wrote down how I wanted the shell to function.

Notes
