xss – Page 13 – WindowsTechs.com

Control cookies with XSS by adding set-cookies inside a html code?

Posted on January 28, 2023 by herzallah aymen

I was doing some challenges in portswigger, when I stumbled accross this xss exploit in a csrf lab solution :
<img src="https://YOUR-LAB-ID.web-security-academy.net/?search=test%0d%0aSet-Cookie:%20csrf=fake%3b%20SameSite=None"… Continue reading Control cookies with XSS by adding set-cookies inside a html code?→

How do browsers defend the user against XSS?

Posted on January 19, 2023 by Loresim

I’m learning about the different mitigations employed by browsers against XSS vulnerabilities.
Let’s say, the developer made a mistake and there is a XSS vulnerability on a site. Unfortunately, a hacker exploited the vulnerability and is a… Continue reading How do browsers defend the user against XSS?→

Is this code vulnerable to XSS? [closed]

Posted on January 19, 2023 by striker00

var elem = document.createElement(untrustedinput1);
elem.style.paddingLeft = untrustedinput2;

I am just wondering if it’s possible to pass XSS payloads via tags while creating an element in Javascript.

Continue reading Is this code vulnerable to XSS? [closed]→

Jsoup XSS attack with URL encoded input

Posted on January 15, 2023 by Yuval Simhon

I’m having a Spring Web Application that exposes REST APIs.
I have implemented XSS filter using Jsoup that strips the input using Safelist.NONE.
The penetration testing team raised a concern where the input field content is URL encoded, th… Continue reading Jsoup XSS attack with URL encoded input→

Storing auth token in html

Posted on January 6, 2023 by sam

Current projects webs application utilises a cookie based approach to store users auth token. Implemented with secure and http-only attributes set. All traffic over https. The application loads third party javascript from a range of extern… Continue reading Storing auth token in html→

Client-side Javascript injection by assinging the output of window.location.href.substr to a variable

Posted on January 5, 2023 by jne

Sample code:
function winLoad() {
var sessionId = ”;
if (window.location == window.top.location) {
var semicolonIndex = window.location.href.indexOf(‘;’);
if (semicolonIndex != -1) {
var questionMarkInd… Continue reading Client-side Javascript injection by assinging the output of window.location.href.substr to a variable→

Can I use a ServiceWorker to prevent an XSS attacker from gaining access to private user data?

Posted on December 30, 2022 by bennlich

I run a small blogging platform, and I want my users to be able to embed javascript that runs on their blogs (to manipulate the DOM, etc. as you might if you were hosting your own website). However, I do not want them to be able to:

acces… Continue reading Can I use a ServiceWorker to prevent an XSS attacker from gaining access to private user data?→

Vulnerabilities in img src

Posted on December 28, 2022 by The Modern Gamer

It is known that in modern browsers you can’t run XSS in img src(assuming quotes are escaped), because neither javascript: protocol, nor svg will execute the code. But does it mean that trusted data with filtered quotes is unable to cause … Continue reading Vulnerabilities in img src→

Can someone bypass this XSS filter

Posted on December 14, 2022 by rudeus123

During our Red/Blue team practice my friend made a web forum application where people can post messages.
What he did was filtering:

The equal sign
The key words: "javascript", "alert", "url"
Some keywords tha… Continue reading Can someone bypass this XSS filter→

Which XSS script elements can bypass this function? [closed]

Posted on December 6, 2022 by user286438