
xss on personalized page


clone4 (Perl-6 Wisdom Seeker)

Here's the deal: I've found a couple of XSS holes in a site. It works rather like Gmail, i.e. you log in with your email details and then you can edit your personal page content. Now of course, since I can get the XSS only on my own pages, it can't be exploited. Normally I'd try to exploit the vulnerability via CSRF, i.e. make the person send the necessary GET requests; however, all the variable input is properly verified with hash IDs, so that isn't possible. So basically, do you have any alternatives to the CSRF approach? How could you make use of the vulnerability?


ghost

I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests, as well as a JS script to go back 2 history things (history(-2), I think it is)…

EDIT: Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.


clone4 (Perl-6 Wisdom Seeker)

SaMTHG wrote: I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests, as well as a JS script to go back 2 history things (history(-2), I think it is)…

That would be the regular way. The problem is that the arbitrary JS can be executed only when I log in with my details, thus I can only redirect myself and steal my own cookies, which isn't that great :)

SaMTHG wrote: EDIT: Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.

Thanks for that, I'll have to look into it; never used it before…