reflected-xss – WindowsTechs.com

XSS against improper character sanitization

Posted on June 9, 2024 by arian_lrd

I have the following code from an XSS challenge and I’ve been told that it’s vulnerable to XSS. And the hint to the question points to https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state
<script>
let input = (new URL(l… Continue reading XSS against improper character sanitization→

how to send cookies or token in local storage to a remote server using reflected XSS

Posted on March 25, 2024 by Anonymous

I have an XSS vulnerability identified by <script>alert(1);</script> in the url.
So when I put it in the url it gets executed (ex: www.example.com/admin/<script>alert(1);</script> ).
I also tried after loggin in, an… Continue reading how to send cookies or token in local storage to a remote server using reflected XSS→

Does CSP protect against XSS in url?

Posted on March 11, 2024 by Anonymous

If I have a web app that is vulnerable to XSS in the url (reflected XSS), does CSP protect against this type of XSS?
Ex: when I run www.example.com/<script>alert(1);</script> in the browser, this will trigger a popup message.

… Continue reading Does CSP protect against XSS in url?→

Input field removing HTML tags when getting saved [closed]

Posted on September 1, 2023 by RAHUL RAWAT

I’m practicing XSS and there is one case where if I’m saving <script>alert(1)</script> the alert is popping up, but when it gets saved and I re-load the page I see only alert(1) and next refresh removes alert(1) also.
Is there … Continue reading Input field removing HTML tags when getting saved [closed]→

XSS: bypassing html entity encoding of <,>,& characters [duplicate]

Posted on August 3, 2023 by Pascal3366

I am currently testing a webapplication that is sanitizing user input by html entity encoding special characters.
E.g. <script>alert(1)</script> becomes <script>alert(1)</script>
also the & symbo… Continue reading XSS: bypassing html entity encoding of <,>,& characters [duplicate]→

XSS in document.write(location.href)

Posted on June 26, 2023 by J Heschl

Let’s say a website contains the following <script> tag and does not have a CSP blocking any execution here.
<script type="text/javascript">
document.write(location.href)
</script>

At first glance, this code … Continue reading XSS in document.write(location.href)→

Reflected XSS but no Content-Type is specified

Posted on June 25, 2023 by ksenia pi

I have found parameter that simply reflects into response body, but no Content-Type is specified by server. It doesn’t use any XSS-protection mechanisms like CSP or X-XSS-Protection. However, I was not able to fire payload in up-to-date Ch… Continue reading Reflected XSS but no Content-Type is specified→

Is XSS possible in the value field of input tag?

Posted on June 17, 2023 by zohaib zafar

Let’s say that I have a website with the following code in it:
<input type="search" id="edit-keys" name="keys" value="$query">
With $query being the input reflected parameter here, I wish to l… Continue reading Is XSS possible in the value field of input tag?→

With Response header having content-type: application/json, is it still possible to trigger XSS?

Posted on June 14, 2023 by warrior-oo7

The application is responding using the user supplied request but the content type is set as application/json. Is it possible to trigger still XSS?
This is a language neutral question, it can be Java,PHP,ASP,Node,Python, etc.
The X-Content… Continue reading With Response header having content-type: application/json, is it still possible to trigger XSS?→

Reflected XSS detected by Burp Suite not working

Posted on April 4, 2023 by Samuele Giovanetti

Burp Suite detected a reflected XXS, if I use the Repeater and send the request the payload shows up in the response unfiltered, but if I visit the url it gets filtered, is there a way to bypass it or make it work? Thank you (if I show the… Continue reading Reflected XSS detected by Burp Suite not working→