0

I have a situation where I need to exploit the xss vulnerability (For academic purpose - for an assignment)

So all I have to do it, add the javascript or jquery alongside URL and redirect it to some overpage which is there in the same server.

I am struck. I don't know why I am struggling to redirect with:

window.location = " redirect_To_This_URL"

Here are the specific details:

The actual URL:
example.com/xss/index.php?username=Administrator

This has a text input box where the user inputs his password and there is a button.(On successful password entry it takes to example.com/xss/login.php

But

I need to redirect it to example.com/xss/fake.php

Reference:
http://leakybox.cs.hut.fi/xss/index.php?username=Administrator

Cœur
  • 37,241
  • 25
  • 195
  • 267
kingmakerking
  • 2,017
  • 2
  • 28
  • 44
  • try `window.location.href`, also check http://stackoverflow.com/questions/7077770/window-location-href-and-window-open-methods-in-javascript – JFK Oct 16 '13 at 22:23
  • Dunno why you need jQuery for this when you can just modify the script's action to go to fake.php in the DOM – Ohgodwhy Oct 16 '13 at 22:31

1 Answers1

0

you need to close the "h1" tag before you put the script tag,the attack vector will look like

Hover to see the attack vector

1234varun
  • 239
  • 1
  • 7