Help with XSSI exploitation

waike · January 18, 2020, 1:01am

I’ve been learning about the XSSI vulnerability type, and I think I might have found my first exploitable target. The actual exploitation is proving a bit difficult, though, especially since my Javascript knowledge is very limited.

I’ve found a JS file that leaks sensitive user data in a few variables. I included the file in <script> tags in a PoC html file. However, these variables are declared within an anonymous function, so they can’t be accessed via a simple console.log(var_name);

(function () {

  // (...)

  const data = {
    data1: 'PII',
    data2: 'secret token'
  };

  // (...)

})();

Is this exploitable? Can I somehow access this data via Javascript?

Liza02 · January 30, 2020, 12:07pm

I am trying to crack it. I am almost there. Many variables are present there. I have used windows laptop to crack it. By doing do my windows taskbar won’t hide in fullscreen. Although it was already enabled. But you can access it via the above mentioned file.

Topic		Replies	Views
What Does This JS Code Do and How to Exploit? Starter Zone	4	12007	May 31, 2017
Javascript questions Web Hacking	2	1816	June 18, 2019
Help for dom xss Web Hacking	6	10546	July 13, 2020
Jquery 1.7.2 Vulnerabilty and Exploits Bugcrowd Discussion	1	7905	July 18, 2019
Xss reflected regarding Starter Zone	8	1604	July 29, 2020

Help with XSSI exploitation

Related Topics