Self XSS to evil XSS

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · vulnerability
AI Summary

A writeup demonstrating how to escalate a self-stored XSS vulnerability in an account profile field to steal credentials from other users by injecting a phishing form via iframe and exfiltrating login data to an attacker-controlled server.

Entities
Saad Ahmed
by Saad Ahmed · June 20, 2019 (Updated: December 10, 2021)

Hi guys, I hope you are all fine. This POC is all about how I converted a Self XSS to an Evil XSS. Let's assume the site is PRIVATE.COM.

The first step: simply sign up, log in to the account, and start playing with the change account details functionality. After some time I found out that the first name field is vulnerable to XSS, but the problem is that this is self stored XSS, so I needed to convert this XSS to exploit other users. I checked the first method, through CSRF, but there is a CSRF token in the account update functionality, so this method failed. Then I remembered the GEEK BOY POC, so I simply created HTML + JS code to steal the email and password of the victim.

Something Went Wrong Please Login Again

This is simple HTML code with 2 input fields and 1 button asking for Email and Password, and the JS code simply gets the input field values and sends them to the attacker server. Upload the code to the web host, then simply use an iframe to load the code from the web host. This is how it looks. Everything is good now; all I need is to send the user this form.

This simply makes the victim log in to my account without him knowing, and when he logs in to my account he sees the message "Something Went Wrong" with input fields and tries to log in. When he tries, the JS code simply gets the email and password the victim enters and sends them to the attacker server. I hope you like it :)
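A defensive counterpart to the chain described above, as an added example that is not part of the original write-up: the stored first name is HTML-encoded on output, and a Content-Security-Policy restricts frames, form targets and script to the site's own origin. The helper names, the origin `https://app.example` and the sample value are constructed for illustration, and `cspAllows` is a simplified checker, not a full CSP implementation.

```javascript
// Added defensive example; helper names and sample values are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Layer 1: encode the stored first name before placing it in HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderFirstName(firstName) {
  return `<span class="first-name">${escapeHtml(firstName)}</span>`;
}

// Layer 2: a CSP that limits the damage if an encoding bug slips through.
const CSP_DIRECTIVES = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],   // no inline or third-party script
  'frame-src': ["'self'"],    // no iframes loaded from other hosts
  'form-action': ["'self'"],  // forms cannot submit to other hosts
  'connect-src': ["'self'"],  // fetch/XHR cannot reach other hosts
  'base-uri': ["'none'"],
};

function buildCsp(directives = CSP_DIRECTIVES) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Simplified check: understands only 'self', 'none' and exact origins,
// and requires the directive to be set explicitly in the policy.
function cspAllows(policy, directive, url, selfOrigin) {
  const parsed = Object.fromEntries(
    policy.split(';').map((d) => d.trim().split(/\s+/)).map(([n, ...s]) => [n, s]));
  const sources = parsed[directive];
  if (!sources) throw new Error(`directive not set: ${directive}`);
  const origin = new URL(url).origin;
  return sources.some((s) => (s === "'self'" ? origin === selfOrigin : s === origin));
}

// Constructed sample: markup saved in the first-name field.
const SAMPLE_FIRST_NAME = '<iframe src="https://attacker.example/form.html"></iframe>';
const SELF_ORIGIN = 'https://app.example';

console.log(renderFirstName(SAMPLE_FIRST_NAME));
console.log(buildCsp());
console.log(cspAllows(buildCsp(), 'frame-src', 'https://attacker.example/form.html', SELF_ORIGIN));
```

Output encoding is the actual fix for the first name field; the policy is a second layer and should be sent on every authenticated page.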