Collaborate Disseminate
Im fixing some security issues that AppScan found on my Angular Application, one of them is the insecure use of "setAttributeNS()"
I use this method in my application to inject some namespaces in the correct htmlElemnt
I have rea… Continue reading setAttributeNS XSS Vulnerability
I have a java web app. I’m using OWASP Java Encoder to encode for html, javascript and url components to mitigate reflected XSS. I’m new to this so I’m not sure on how to test on my web app for the following scenarios where there’s no dire… Continue reading How do I test for Reflected XSS in webpage titles, url parameters and javascript variables?
I have a java web app. I’m using OWASP Java Encoder to encode for html, javascript and url components to mitigate reflected XSS. I’m new to this so I’m not sure on how to test on my web app for the following scenarios where there’s no dire… Continue reading How do I test for Reflected XSS in webpage titles, url parameters and javascript variables?
I have a question regarding the element. I know that this element has been deprecated for a long time, but during a penetration test, we inserted the following attack vector into a textarea:
<plaintext onmouseover="(function(){ co… Continue reading Is <plaintext> vulnerable to XSS
I encounter a scenario which the attacker create a .jpg file containing javascript code
and after uploading, the script will be executed on the browser while the .jpg file is displaying.
I configured all xss prevention settings on fortiweb… Continue reading Prevent XXS through file using WAF?
I have started to learn about all Website Vulnerabilities lately.
today I started a scan on a school website of my town with Acunetix and it have found some Xss Bug like this:
URI was set to "onmouseover=’nv7k(91772)’bad="
The … Continue reading The input is reflected inside Javascript code between single quotes
by trying the XSS room on THM, I try was trying to read the /etc/passwd using the following cmd:
<iframe src="/etc/passwd"></iframe>
However what I got is an error code as shown below
But I was be able to read from … Continue reading read etc/passwd using XSS
I don’t understand what – is in a XSS payload, as in -alert(1)-.
Is it one-line command execution?
Continue reading Can anyone say what is – in -alert(1)- payload? [closed]
I know reflected xss can be dangerous but how can we exploit it more rather than just a popup. For example, I got a popup with this payload
<IMG SRC=# onmouseover="alert(‘abc’);">
Now how can I craft this payload for furth… Continue reading Can anyone give a practical example of exploiting reflected xss?
What is the security impact of a Reflected XSS vulnerability on a state website involved in financial relations? There are no user profiles on this page and it serves as an information board and a place to download project applications.
… Continue reading Unclear security impact of a Reflected XSS vulnerability