webPromedium

Lab 73 — NetShield — Reflected XSS via 404 Page Attribute Injection

hackadvisor

Task: NetShield DNS monitoring dashboard reflects URL path unescaped into body tag class attribute on 404 pages; admin bot visits reported URLs. Solution: HTML attribute injection breaks out of class attribute to inject onload handler that exfiltrates admin cookie via same-origin feedback API.

nodejs xss cookie_stealing express honeypot admin_bot reflected_xss decoy_flag same_origin_exfiltration attribute_injection 404_page body_tag_injection onload_event

admin_bot_exploitationreflected_xss_via_attribute_injectionhtml_attribute_breakoutsame_origin_cookie_exfiltrationbody_onload_event_injectionurl_encoding_payload_delivery

$ ls tags/ techniques/

nodejs xss cookie_stealing express honeypot admin_bot reflected_xss decoy_flag same_origin_exfiltration attribute_injection 404_page body_tag_injection onload_event

admin_bot_exploitationreflected_xss_via_attribute_injectionhtml_attribute_breakoutsame_origin_cookie_exfiltrationbody_onload_event_injectionurl_encoding_payload_delivery

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub, Discord, or Google to continue. No email required.

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 378 — PulseBoard — Cache Poisoning XSS via Next.js Header Misclassification— hackadvisor
[web][Pro]Lab 283 — PulseMetrics — XSS via HTTP Response Splitting (CRLF Injection)— hackadvisor
[web][Pro]Lab 70 — LivePulse— hackadvisor
[web][Pro]Lab 72 — WriteFlow — Stored XSS via WYSIWYG Editor Sanitizer Bypass— hackadvisor
[web][Pro]Lab 76 — DocuWeave — Stored XSS via Diagram Rendering Attribute Injection— hackadvisor