BURPSUITE:Consiguiendo XSS mediante HMTLInjection

INYECTANDO <iframes> para conseguir un XSS ... Pues con BurpSuite "pispo"

 .. dedicado a PERIMETRAL :P

Mañana lo explico, ya estoy "roto".. os dejo unas imágenes ok ? .. y si no, también coño  .... (joder con Google cambiando y actualizando Blogger .. no pirula bien lo siento ... bueno, no, no es profesional, por lo tanto me da igual .. al no ganar paxta, "me la sopla" .. :p... y si, esta vez las explicaciones en Inglés .. si, lo siento, ya lo sé ..

Burp repeater panel

In Figure, the attack spot that takes the input on the webpage has been highlighted. We need to find out if the if the input is sanitized for code injections or not. First, we shall attempt a simple HTML injection on the webpage as shown in Figure. This tells us that HTML tags are not sanitized in the input. As before, use render to preview the webpage within the tool in its own panel.

HTML injection

Next, we will try probing for XSS vulnerabilities. For this we need to pass a script tag. The attack string could be a simple JavaScript such as: 

<iframe src=”javascript:alert(‘Xss’)”;</iframe>

                                                               Iframe injection using repeater

In figure of this Burp Suite tutorial, we see that the iframe code is injected into the source of the webpage. Check the browser to confirm if there is an XSS bug present in the application. We see that there is a reflected XSS vulnerability on the target, as shown in Figure.

Confirming XSS vulnerability in the target

Y TAMBIÉN PARA MAÑANA

LDAP CON BURPSUITE

ENCONTRANDO EL FALLO

.......