Category Archives: Blind XSS

Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter

Posted on by

This is a continuation of a series of blog posts which will cover blind cross-site scripting (XSS) and its impact on the internal systems which suffer from it. Previously, we’ve shown that data entered into one part of a website, such as the account information panel, can lead to XSS on internal account-management panels. This… Read More Continue reading Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter

Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS

Posted on by

This is the first part of a series of stories of compromising companies via blind cross-site scripting. As companies fix the issues and allow me to disclose them, I will post them here. Blind cross-site scripting (XSS) is an often-missed class of XSS which occurs when an XSS payload fires in a browser other than… Read More Continue reading Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS

XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

Posted on by

Cross-site Scripting (XSS) origins go (arguably) back to a lab in Microsoft in 1999. With the first disclosure of the issue titled “Malicious HTML Tags Embedded in Client Web Requests“, this research sparked an entire generation of an attack that somehow still seems to persist in modern web applications today. Despite this vulnerability being well-known… Read More Continue reading XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)