Day 37 comes with more XSS escalation by PDF generation and database credential leakage!
Local file read via XSS using PDF generate functionality
XSS to Database Credential Leakage
From Sam (CoffeeJunkie). This week while hunting in a private program, I came across an endpoint where I was able to inject HTML tags and different paremeters, but it was limited to certain tags. Having the pursue to achieve XSS I came across different write ups in order to understand the thought process behind the attack and how specially some payloads might work. From Harsh Bothra who has an amazing experience in the field. He found XSS to Database Credential Leakaga and I am more than happy to read and learn from this amazing individual.
In this attack scenario, Harsh was able to perform XSS attack in a search bar by providing the following payload:
<img src=”x” onerror=alert(1)>. Sounds terrific, right? Well, he wanted to escalate it and while performing and attack with intruder from burpsuite, he came across an internal error which was leaking database credentials! Therefore, Harsh proceeds to go to
/server/phpmyadmin and log in.
FULL Write Up here