reflected-xss – Page 2 – WindowsTechs.com

XSS bypass in url

Posted on March 19, 2023 by Edward Akina

I have a website: https://bugbounty.com/test/"injection inside js", but " is escaped with \ and I’m trying to inject </script><script>alert() but https://bugbounty.com/test/</script><script>alert() re… Continue reading XSS bypass in url→

My XSS payload is not executing [closed]

Posted on March 8, 2023 by ilich262

After many attempts I managed to bypass the filters with this payload: <script>alert(5)</script>
I got this response
As you can see, the payload is correctly written but it doesn’t execute.
What can I do to make it … Continue reading My XSS payload is not executing [closed]→

My XSS payload is not executing [closed]

Posted on March 8, 2023 by ilich262

Why do you think this code isn’t firing?

Posted on January 29, 2023 by fiirat

I don’t have a lot of knowledge about xss so im kinda confused, why this is not popping up an alert box?

Continue reading Why do you think this code isn’t firing?→

Jsoup XSS attack with URL encoded input

Posted on January 15, 2023 by Yuval Simhon

I’m having a Spring Web Application that exposes REST APIs.
I have implemented XSS filter using Jsoup that strips the input using Safelist.NONE.
The penetration testing team raised a concern where the input field content is URL encoded, th… Continue reading Jsoup XSS attack with URL encoded input→

Which XSS script elements can bypass this function? [closed]

Posted on December 6, 2022 by user286438

How to turn this particular HTML rendering into a XSS or open redirection

Posted on October 19, 2022 by Sai Dutt Mekala

I am performing penetration testing on a web application. Let’s say the site as "https://example.com"
There is a comment field , where a user can add data and it will be shown in the same page.
So I was trying multiple payloads a… Continue reading How to turn this particular HTML rendering into a XSS or open redirection→

How is this xss payload encoded? [closed]

Posted on September 14, 2022 by camila rodriguez

The payload is qwh9g(a)nz6y9.
I found that payload but can’t guess how it works but it is supposed to work as a reflected xss. I tried other payloads on the same directory but those don´t work.
It’s supposed to work at https://example.com/… Continue reading How is this xss payload encoded? [closed]→

DOM XSS only works when I enter a command in the console [closed]

Posted on September 1, 2022 by RachelKele

I think I have a working DOM XSS attack, but it only works when I run this command in the console:

document.write("<OPTION value=1>"+decodeURIComponent(document.location.href.substring(document.location.href.indexOf("… Continue reading DOM XSS only works when I enter a command in the console [closed]→

Reflected DOM XSS Portswigger Lab

Posted on August 24, 2022 by kgngkbyrk

I’m a total beginner and im trying to solve Portswigger Academy labs. I’m studying on XSS right now and im stuck in somewhere.

Lab Details:This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the s… Continue reading Reflected DOM XSS Portswigger Lab→