A cross-site scripting (XSS) vulnerability allows an attacker to inject a malicious script into a web application so that it runs in the browsers of other users of that application. Looking at the statistics of Google’s Vulnerability Reward Program (Google rewards researchers for the vulnerabilities they report), more than 65% of the vulnerabilities reported are XSS vulnerabilities.
The basic principle of an ordinary XSS is that you insert a payload and then see it come back to you, either reflected on the same page or stored somewhere you can view, for example on your profile page. A blind XSS goes further than that. The payload does not come back to you at all: it is stored and later rendered in a system you cannot see, such as a CRM, a ticketing tool, a log viewer or a server administration panel, where an employee opens it. Since these systems are mostly designed to be used internally, they are not always developed with security in mind. This “no one can reach it anyway” approach can be an attacker’s ticket to the “holy grail”.
If an attacker wants to exploit a blind XSS, they need to do three things:
- Detect the vulnerability. Because nothing is reflected, the payload has to call out to a server the attacker controls; that out-of-band callback is the only sign that the injection worked.
- Wait until someone opens the payload on an internal system. This can take anywhere from minutes to weeks, so the callback should record where it fired (URL, page title, cookies, a copy of the page) to show which system rendered it.
- Exploit it. The script now runs with the internal user’s session and from their network position, so it can act on their behalf in that system or probe hosts that are not reachable from the outside.
This is example code; for it to work you also need a working back-end that the script can report to.
192.168.1.10 is open.
So testing your internal (web) applications for vulnerabilities is also very important, even if they are not “reachable” from the outside. As you can see above, they may be reachable anyway; it just takes a bit more effort.
- Olivier Beg