Home/ Questions/Q 359967
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T12:26:37+00:00

I just read this post about really nasty (and cool at the same time)

  • 0

I just read this post about really nasty (and cool at the same time) ways to perform XSS. However, there is still something unclear to me.

I understand the full concept of the attack, however, I dont see how this can potentially be exploited. The "action" attribute inside the form must point to a ftp server (or any other server that reflects input), but this is never the case.

So unless you have another XSS hole to inject such a form this vulnerability cannot be exploited. My question is if my conclusion that it cannot be exploited is true, or that im missing something?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is exploitable as follows.

    • MrCrim wants to steal the login of someone that uses victim.net
    • MrCrim notices that victim.net is running an ftp server on an unusual port
    • MrCrim puts up a form on his own site, evil.com
    • The form contains the “ftp commands” in the form elements and its post action is to victim.net
    • MrCrim writes a JS script that steals document.cookie from a site and hosts that script in a .js file on evil.com. It probably works by including the cookie string as part of an image source URL that is requested from evil.com
    • One of the “ftp commands” in MrCrim’s form is constructed to write a small bit of JS that executes MrCrim’s cookie-stealing script
    • MrCrim tempts people to look at evil.com by posting links on forums and sending spam.
    • UnsuspectingUser follows a link posted in his favourite forum and lands at evil.com. He posts the form, not knowing of its evil and wily intentions
    • UnsuspectingUser is now on victim.net and Bam! the JS “injected” by the FTP server is executed and UnsuspectingUser’s cookie for victim.net get’s sent to evil.com
    • Profit! 🙂
    • 0