Demonstrating XSS Attack on a Custom Web Application

Node.js and XSStrike. Logos taken from the respective websites.

Step 1

Create an index.js file with this code in it. (Also, install express from here)

Step 2

node index.js
http://localhost:3000/?name=inputField
This is how your page should look. Screenshot by Author.

Step 3

python3 xsstrike.py -u http://localhost:3000/?name=inputField
Install the XSStrike dependencies from here in case you get errors. Screenshot by Author.

Step 4

Try other payloads if one does not work. Screenshot by Author.
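
The steps above scan a page that reflects the `name` query parameter. The following is an added example, not the author's index.js (which is not reproduced on this page): it shows that reflection in its vulnerable form next to an escaped form, using plain Node.js. The names `respond`, `renderUnsafe`, `renderSafe` and the probe string are constructed for illustration.

```javascript
// Added example: reflected `name` parameter, vulnerable vs. escaped rendering.
// Plain Node.js, no Express; all function names here are hypothetical.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  // String() guards against non-string input (e.g. arrays from repeated params).
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query value is concatenated into the markup as-is.
function renderUnsafe(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Hardened: the value is HTML-escaped before it reaches the markup.
function renderSafe(name) {
  return `<h1>Hello ${escapeHtml(name)}</h1>`;
}

// Parse ?name= from a request URL and build the response to send.
function respond(requestUrl, render) {
  const url = new URL(requestUrl, 'http://localhost:3000');
  // get() returns the first value of a repeated parameter, or null if absent.
  const name = url.searchParams.get('name') ?? '';
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // Defence in depth: no inline scripts even if an escape is missed.
      'Content-Security-Policy': "default-src 'self'",
    },
    body: render(name),
  };
}

// Constructed probe, URL-encoded the way a scanner would send it.
const probe = '/?name=' + encodeURIComponent('<script>alert(1)</script>');

console.log('unsafe:', respond(probe, renderUnsafe).body);
console.log('safe:  ', respond(probe, renderSafe).body);
```

With the escaped renderer in place, re-running the scan from Step 3 is the check that the reflection is no longer executable.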

Resources:

  1. Stack Overflow answer on preventing XSS in server-side JavaScript.
  2. OWASP cheat sheet on Node.js security.

Yarala Hruthik Reddy

I do a lot of things. Just trying to find my breakthrough. www.iamYHR.com
