reflected-xss – Page 13 – WindowsTechs.com

XSS inside SCRIPT tag where ", <,> and & are filtered.

Posted on September 27, 2017 by Ogglas

Is it possible to bypass an XSS filter where “, <,> and & are filtered? Some of the tags are filtered with HTML but some tags also gets removed. I don’t know if this can be used as a bypass somehow.

Characters tha… Continue reading XSS inside SCRIPT tag where ", <,> and & are filtered.→

Reverse shell using XSS

Posted on September 25, 2017 by user159765

If a certain web application is vastly vulnerable to XSS attacks, is it possible for the attacker to gain a reverse shell using an certain XSS payload without uploading any mallicous files to the web server? or should the own… Continue reading Reverse shell using XSS→

XSS inside anchor tag (<a>) without user interaction?

Posted on September 6, 2017 by Gari BN

Is it possible to inject a payload inside <a> tag such that the script runs without user interaction?

The injection is inside the href attribute. I can inject onmouseover or onclick attributes, but user interaction is required.

Th… Continue reading XSS inside anchor tag (<a>) without user interaction?→

How to do xss in html attribute [duplicate]

Posted on September 3, 2017 by m khan baloch

This question already has an answer here:

XSS inside HTML attribute where < and ” are filtered

1 answer

Following is t… Continue reading How to do xss in html attribute [duplicate]→

JS bug is stopping xss payload to exeute

Posted on August 23, 2017 by Aayush

The XSS vector is at the * but the function issue_type is not declared hence my payload is not getting executed.

following is the instance of the vulnerable code:-

<select name=”sub_subissues” id=”_subsubissues” onchang… Continue reading JS bug is stopping xss payload to exeute→

XSS in Search bar

Posted on August 21, 2017 by mayoub01

I have found Reflected XSS and HTML Injection vulnerability in the Search bar. Are there valid bugs? And I have already tried many payloads but <script></script> does not execute and it totally escapes, may be due… Continue reading XSS in Search bar→

Is reflected XSS still relevant today?

Posted on July 2, 2017 by Gigi

I’ve been learning more about XSS (for the unfamiliar, Excess XSS is a great resource). I opted to get my hands dirty and give Reflected XSS a try on a local environment. I set up a very simple vulnerable PHP page running on … Continue reading Is reflected XSS still relevant today?→

Why is an XSS payload in the address bar executed?

Posted on August 8, 2014 by malloc

I was playing with OWASP Mutillidae II and in one page I’ve found a vulnerability. In the address bar I’ve wrote something like this:

127.0.0.1/…/?page=text-file-viewer.php/”><script>alert(“test”);</script>

The alert b… Continue reading Why is an XSS payload in the address bar executed?→