Help with XSSI exploitation

waike · January 18, 2020, 1:01am

I’ve been learning about the XSSI vulnerability type, and I think I might have found my first exploitable target. The actual exploitation is proving a bit difficult, though, especially since my Javascript knowledge is very limited.

I’ve found a JS file that leaks sensitive user data in a few variables. I included the file in <script> tags in a PoC html file. However, these variables are declared within an anonymous function, so they can’t be accessed via a simple console.log(var_name);

(function () {

  // (...)

  const data = {
    data1: 'PII',
    data2: 'secret token'
  };

  // (...)

})();

Is this exploitable? Can I somehow access this data via Javascript?

Liza02 · January 30, 2020, 12:07pm

I am trying to crack it. I am almost there. Many variables are present there. I have used windows laptop to crack it. By doing do my windows taskbar won’t hide in fullscreen. Although it was already enabled. But you can access it via the above mentioned file.

Topic		Replies	Views
What Does This JS Code Do and How to Exploit? Starter Zone	4	12415	May 31, 2017
Javascript questions Web Hacking	2	1896	June 18, 2019
Help for dom xss Web Hacking	6	10748	July 13, 2020
Xss reflected regarding Starter Zone	8	1749	July 29, 2020
Xss inside Param tag Web Hacking	5	1705	February 13, 2020

Help with XSSI exploitation

Related topics