reflected-xss – Page 10 – WindowsTechs.com

Why the following XSS vectors work without closing bracket?

Posted on October 28, 2018 by Yatin Mehandiratta

The following XSS injections will execute without the accompanying closing tag (see this demo):

<body/onload=alert(1)
<svg/onload=alert(1)
<iframe/onload=alert(1)

I just need to know why these work, any documentat… Continue reading Why the following XSS vectors work without closing bracket?→

Are unescaped backslashes dangerous in terms of XSS?

Posted on October 11, 2018 by David

I thought the \ (backslash) character was a dangerous character that you needed to filter out/properly encode to protect against XSS attacks (OWASP says so, too), and I still do, but why?

I found a website that stores the se… Continue reading Are unescaped backslashes dangerous in terms of XSS?→

Cross-Site Scripting exploiting

Posted on September 29, 2018 by user187733

I am experimenting with cross-site scripting. I have a website that provides a feature called “Follow” a site in order to get updates on site’s activity in your newsfeed. One way to follow a site is to click on the “Follow” b… Continue reading Cross-Site Scripting exploiting→

How can I steal all cookies from reflected XSS?

Posted on September 21, 2018 by Yosua Kristanto

I just found a website with a XSS vulnerability. When I visit the following URL, a pop up occurs:

https://example.com/article/HALLOWEEN”><script>alert(1);</script>

I have a cookielogger.php on my server with this code, so… Continue reading How can I steal all cookies from reflected XSS?→

Is this code vulnerable to Reflected XSS?

Posted on September 10, 2018 by sam

I’m doing a pentest and came by this code:

(function() {
var subdomain = (function() {
var query = /[?&]css=([^&#]*)/i.exec(window.location.search);
if(query) {
return q… Continue reading Is this code vulnerable to Reflected XSS?→

XSS vulnerability through burp suite

Posted on August 31, 2018 by Dhananjay

I am getting a XSS vulnerability through burp suite but when I inject script manually I don’t get the XSS vulnerability.

Is this a reportable vulnerability?

Continue reading XSS vulnerability through burp suite→

What are some ways to execute a reflected XSS attach

Posted on August 23, 2018 by harrys

I was wondering how many different methods exist for executing XSS attacks.

In just about every demonstration I see, the attack is triggered in one of the below 3 ways:

By entering the script into an input field. The front… Continue reading What are some ways to execute a reflected XSS attach→

Reflected XSS testing [duplicate]

Posted on August 12, 2018 by user183535

This question already has an answer here:

Bypassing <, > XSS filter

1 answer

If there is no input on a HTML page.
H… Continue reading Reflected XSS testing [duplicate]→

XSS with URL encoding

Posted on July 26, 2018 by Rifat Shommo

If a website URL gets encoded then is the website still vulnerable to XSS or no?

For example, if I try <script>alert(1)</script> and the site URL encodes my payload to %3Cscript%3Ealert(1)%3C%2Fscript%3E does this mean the sit… Continue reading XSS with URL encoding→

Why is unsanitized output from ajax request bad?

Posted on July 26, 2018 by Adam McGurk

I know what I just described is a reflected XSS vulnerability. What I can’t figure out is why it is a vulnerability. Because the way I see it, a user can’t be directed to the attacker’s content because the AJAX is executed wi… Continue reading Why is unsanitized output from ajax request bad?→