reflected-xss – Page 6 – WindowsTechs.com

Drupal Core: Behind the Vulnerability

Posted on November 19, 2020 by Dor Tumarkin

Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability→

How to execute reflected xss in href tag?

Posted on October 15, 2020 by hassan ali

The url is
http://examble.com/test/?lang=en

The parameter (en) is reflected in the HTML page like this
herf="http://examble.com/about?lang=en">

so if I use this payload
‘"><script>alert("xss")&lt… Continue reading How to execute reflected xss in href tag?→

It’s possible to trigger a XSS in url context without this following caracter ‘ : ‘?

Posted on September 21, 2020 by Project777

I try to bypass a XSS filter to trigger a XSS in url context.
But the problem this following char is blacklist ‘ :’
The site allow the user to use some basic html balise like h1, h2, h3, p, a, u, etc …
The only potential vector attack i… Continue reading It’s possible to trigger a XSS in url context without this following caracter ‘ : ‘?→

How to add xss script to lable element

Posted on September 12, 2020 by ADHITHYA SRINIVASAN

i have a label element like below which allows user to input a text as a lable and i want to test xss injection by injecting a code into the label.
<label for="dafsjhfjksd"></label> and if i enter "> onclick=a… Continue reading How to add xss script to lable element→

XSS does not echo up even i have found site is vulnerable to xss

Posted on August 28, 2020 by sanath

i have used Burpsuite and XSpear to find vulnerablities but when send send xss payloads to the website query(q=) they just dont’t pop up the xss payloads
and another thing i have seen in the website source code is that it is xss protected … Continue reading XSS does not echo up even i have found site is vulnerable to xss→

Preventing open redirects / xss on a variable return url / iframe

Posted on July 30, 2020 by xsrf

Let’s assume I have a website where I have to either redirect the user to another URL or include another URL in an iframe, that is given by a GET parameter.
I cannot use HMAC when the URL is created. The site is designed to work with relat… Continue reading Preventing open redirects / xss on a variable return url / iframe→

XSS with -prompt`1`-

Posted on June 20, 2020 by Ananda Sai A

I was looking for xss vulnerabilities in a bitcoin exchange and came across a url like:
https://www.xyz.com/en/buy-crypto?cur=USD&cry=BTC&amount=500&ref=123456

I tried the standard cheat sheet to check for vulns in the ‘amount… Continue reading XSS with -prompt`1`-→

Reflected XSS in form action – understanding

Posted on June 20, 2020 by gaurav5430

I am trying to learn basics of web security vulnerabilities.
I have found a website, where on reset password, you get a link in the email with a token, and when you click this link, the webpage opens and the url is reflected in a form acti… Continue reading Reflected XSS in form action – understanding→

How was this mXSS on Google Search carried out?

Posted on June 11, 2020 by Fitz Watson

I was reading about bug bounties that have been reported in the past and this one caught my eye as it seemed interesting.

Mutation XSS in Google Search

According to what I could understand, this is what the attacker entered: <noscript… Continue reading How was this mXSS on Google Search carried out?→

How to come out of href attribute using xss?

Posted on June 10, 2020 by Fitz Watson

I was learning about XSS and found a website that takes my input say PAYLOAD and converts it to <a href = “example.com/search/PAYLOAD” > Link </a>

After hit and trial, I found that it HTML encodes “, ‘, < and > . Is ther… Continue reading How to come out of href attribute using xss?→