Skip to content
This repository has been archived by the owner on Mar 26, 2024. It is now read-only.

Commit

Permalink
new
Browse files Browse the repository at this point in the history
  • Loading branch information
Guillaume Dorschner authored and Guillaume Dorschner committed Nov 15, 2023
1 parent 6845337 commit acef9ce
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 7 deletions.
2 changes: 1 addition & 1 deletion Documentation/hack/csrf.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Cross-Site Request Forgery (CSRF) involves unauthorized commands being sent from

## How It Works

...
![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/09f32e44-de01-49c0-9c07-4171f8c2990d)

## Detection

Expand Down
44 changes: 38 additions & 6 deletions Documentation/hack/xss.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,25 +2,57 @@

## Definition

Cross-Site Scripting (XSS) attacks are...
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

## How It Works

...
![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/a0e78870-5c49-49fb-862f-3f64f31645fc)


## Detection

...
XSS vulnerabilities can be detected by:
- Using tootls / frameworks that automatically escape XSS by design.
- Utilizing automated scanning tools designed to discover common web application vulnerabilities.
- Conducting thorough code reviews to identify potential injection points.

## Prevention

...
To prevent XSS attacks:
- Sanitize all user input to remove or encode potentially malicious content.
- Implement Content Security Policy (CSP) headers to restrict the types of content that can be executed on a webpage.


## Example Scenarios

...
Injection with the script
```js
{
id: 1,
author: "John Doe",
content: "This is my first post! <script>alert('hey');</script> This is my first",
timestamp: "2023-01-01T12:00:00",
likes: 20,
comments: [
{
commenter: "Jane Doe",
comment: "This is my first post!",
},
],
},
```

the result is:
![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/6762aef5-8adf-4e36-a5ec-f70a4c7c3564)

In this case, the hacker executes a script on your webpage which could potentially give them access to your session ID, tokens, and personal information such as your full name.

## References

- [OWASP Guide on XSS](https://owasp.org/www-community/attacks/xss/)
-


Please replace the links with the correct URLs where the images are hosted. If the images are not publicly accessible, they will not be displayed correctly in the Markdown file. Also, ensure that the JavaScript object is correctly formatted within the code block if you want it to display properly.

## How to hack 😈

0 comments on commit acef9ce

Please sign in to comment.