4

I'm practicing stored XSS attacks on my vulnerable single page web application. I want to achieve some kind of DoS attack, where the page keeps reloading from the server.

I can easily inject window.location.reload(true);. The problem is that I can only insert it at a certain location, for example, www.myapp.com/test/, and because it is a single page application, it reloads that single HTML of the website, and starts the website at www.myapp.com/. Therefore, my attack is not repeated, since it needs to reload to www.myapp.com/test/ in order to call the reload or refresh method again.

Any ideas how DoS attack through XSS can be achieve in single page applications where the URL defaults to homepage after refresh?

Improve this question
4
  • What kind of XSS are you exploiting? Is it reflected (from URL) or stored (e.g. from database)? Commented Apr 21, 2016 at 7:27
  • @Anders Stored, I already managed it through AJAX, but if you also have any other method either for reflected or stored, I would be glad to hear. Commented Apr 21, 2016 at 7:28
  • Why not just window.location.href = "http://www.myapp.com/test";? Commented Apr 21, 2016 at 7:29
  • @Anders I already tried it, it doesn't do anything, it's not reloading the page, probably because I'm already at that URL. Commented Apr 21, 2016 at 7:31

2 Answers 2

Reset to default
0

Can you create a bunch of Iframes that each have a src of www.myapp.com/test/5? or a programmatically create a bunch of <img src="www.myapp.com/test/5">

Those iframes might end up being a ddos of the browser instead of the server but the img ones might work.

then there is ajax which you should be able to simply call in an endless loop and send requests from JavaScript to myapp.com/test/5

This is from a jsfiddle (source) that calls a URL 5 times (what if it called it 50000 times?):

var counter = 0;

window.getData=function()
{
    $.ajax({
        url:'http://whisperingforest.org/js/getQuote.php',
        async: true,
        dataType: 'jsonp',
        success:function(data){
            $('.quoteList').append('<li>' + data +'</li>');
            counter++;
            if (counter < 5) getData();
        }
    });
}
Improve this answer
2
  • I can insert as many img and iframe elements as I want. But, I don't see the point here. I tried to insert for example 5 of these objects <img src="www.myapp.com/test/5">, and it just showed them as unloaded picture, cause clearly it couldn't find anything at that source to display as picture. And for iframes it just shows the error message of "address wasn't understood". I guess I should try the ajax method, or is there anything more to images and iframes? And the website doesn't use jQuery, so I should probably try xhttp. Commented Apr 20, 2016 at 21:24
  • each of those img tags should send a request that the server has to answer, even if it doesn't result in a valid image. Only your browser will know it isn't a valid image. The server has no way of knowing the request came from an img tag and will work on answering each one. For the jquery, you can call in an external jquery library using XSS. or go ahead and figure out the ajax calls without jquery like you said. Commented Apr 20, 2016 at 21:48
0

You can just run this code:

location.assign("http://www.myapp.com/test/");

I tried (on Chrome), and it reloads the page even if it gets passed the URL you are already on. And of course you can also use any of the tips @mcgyver5 suggests for loading resources with JavaScript.

Improve this answer

You must log in to answer this question.