xss – Page 12 – WindowsTechs.com

Validating XSS script with success response with expected data in REST API

Posted on February 21, 2023 by sowmiya

I am performing security testing on a REST API and it is a POST method. I injected an XSS script in a body parameter and the API responded with ‘200 success’ response with the actual expected data.
If the response is ‘200 OK’ and response … Continue reading Validating XSS script with success response with expected data in REST API→

I can’t get XSS to reverse shell

Posted on February 18, 2023 by Pwners

I am trying the security vulnerabilities found in proxmox on the proxmox that I installed on vmware. But I failed to get a reverse shell for XSS. I couldn’t understand what caused the problem.
Here he showed how to get a reverse shell from… Continue reading I can’t get XSS to reverse shell→

What exactly are Hidden HTTP Parameters?

Posted on February 14, 2023 by Just.a.tech

I read a lot of reports where ‘hackers’ potentially exploited a ‘Hidden HTTP Parameter’. There are also tons of tools which are developed for this exact purpose.
Example : https://blog.yeswehack.com/yeswerhackers/parameter-discovery-quick-… Continue reading What exactly are Hidden HTTP Parameters?→

Is there an XSS attack vector in this attribute based approach?

Posted on February 13, 2023 by Hyper

<input type="hidden" id="test" name="test" value="alert(1)">
<script>
document.test = test.value
</script>

When test.value gets evaluated I want it to execute javascript.
The exa… Continue reading Is there an XSS attack vector in this attribute based approach?→

What are the risks of XSS in this forms?

Posted on February 10, 2023 by Lynow

I recently developed a website that was operational for me ^^
However, someone came to try injections and found an XSS flaw.
I have a form like this:
<h2>
<span>Search</span>
</h2>

<div class "col-xs-12&… Continue reading What are the risks of XSS in this forms?→

Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents

Posted on February 9, 2023 by Ionut Arghire

Multiple XSS vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents.

The post Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents appeared first on SecurityWeek.

Continue reading Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents→

CSP for Single Page App: Use client-side nonce for securing iframe content

Posted on February 7, 2023 by DarkTrick

Goal I’d like to tighten my Content Security Policy.
Situation
I have a single page react application (= All code and styles are bundled together into a bundle.js file). The file is simply placed on a file storage server (Concrete: S3 buck… Continue reading CSP for Single Page App: Use client-side nonce for securing iframe content→

XSS payload with html Encoding

Posted on January 31, 2023 by Shoaib Wani

I was reading about XSS Contexts on Portswigger and it has a section about the use of HTML-Encoding in bypassing input validation.
What i understand is :

The browser html decodes the entities before passing them to the javascript engine.
… Continue reading XSS payload with html Encoding→

Why do you think this code isn’t firing?

Posted on January 29, 2023 by fiirat

I don’t have a lot of knowledge about xss so im kinda confused, why this is not popping up an alert box?

Continue reading Why do you think this code isn’t firing?→

I clicked what looked like an Amazon email, but it (maybe) was from an Amazon affiliate. Ended up at Amazon.com anyway. Can I safely investigate?

Posted on January 29, 2023 by Moochcar

In a case of clicking too fast, I clicked on a picture that looked like it was from Amazon. However this was not the case. I did end up at Amazon, but I’m aware that other things could’ve taken place before I landed on the Amazon page. I … Continue reading I clicked what looked like an Amazon email, but it (maybe) was from an Amazon affiliate. Ended up at Amazon.com anyway. Can I safely investigate?→