xss – Page 16 – WindowsTechs.com

The Big List of Naughty Strings Helps Find Those User Input Problems

Posted on September 10, 2022 by Donald Papp

Any software that accepts user input must take some effort to sanitize incoming data, lest unexpected and unwelcome things happen. Here to make that easier is the Big List of …read more Continue reading The Big List of Naughty Strings Helps Find Those User Input Problems→

I have a widget used by clients as iframes, what security tests should I check for? [closed]

Posted on September 4, 2022 by John

I build a widget product and my clients consume it via iframes to show it on their websites:
<iframe style=’width:100%; height: 100%;border:none;"’ src=’path/myhtmlproduct.html’></iframe>

myhtmlproduct.html is calling som… Continue reading I have a widget used by clients as iframes, what security tests should I check for? [closed]→

XSS in href attribute

Posted on September 1, 2022 by ex7lted

I’m currently pentesting a website where I can set a URL on my profile.
I’m trying to get an XSS to fire, but my javascript knowledge is a bit limited for this use case:

Imagine this is your environment, and the only area you can edit is … Continue reading XSS in href attribute→

DOM XSS only works when I enter a command in the console [closed]

Posted on September 1, 2022 by RachelKele

I think I have a working DOM XSS attack, but it only works when I run this command in the console:

document.write("<OPTION value=1>"+decodeURIComponent(document.location.href.substring(document.location.href.indexOf("… Continue reading DOM XSS only works when I enter a command in the console [closed]→

Chrome patches 24 security holes, enables “Sanitizer” safety system

Posted on August 31, 2022 by Paul Ducklin

24 existing bugs fixed. And, we hope, numerous potential future bugs prevented. Continue reading Chrome patches 24 security holes, enables “Sanitizer” safety system→

Is this code code vulnerable to XSS?

Posted on August 30, 2022 by Tikiyetti

I have a function that accepts the param url and passes it to exec()
function getQueryValue(url, name) {
name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
var results = new RegExp("[\\?&]"… Continue reading Is this code code vulnerable to XSS?→

Reflected DOM XSS Portswigger Lab

Posted on August 24, 2022 by kgngkbyrk

I’m a total beginner and im trying to solve Portswigger Academy labs. I’m studying on XSS right now and im stuck in somewhere.

Lab Details:This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the s… Continue reading Reflected DOM XSS Portswigger Lab→

Can you have an <iframe> tag with no spaces?

Posted on August 22, 2022 by ex7lted

I am looking to figure out how to create an iFrame tag without any spaces. I have found an input on a Bug Bounty program that reflects my input back into the page, and allows me to escape double quotes and an angle bracket. The page has X… Continue reading Can you have an <iframe> tag with no spaces?→

XSS payload to Send request to server without closing tag

Posted on August 17, 2022 by ShellyShubh Dev

I was testing a website which does not have XSS in their scope. So I thought it would be a good idea to escalate XSS to a bug which is valid. I need to make a request to my server but the problem is closing tag > or forward slashes / ar… Continue reading XSS payload to Send request to server without closing tag→

Difference Between Reflected XSS and Reflected-DOM XSS

Posted on August 12, 2022 by NoPurposeInLife

What’s the difference between Reflected XSS (RXSS) and Reflected-DOM XSS (RDOMXSS)? After some research, I think it can be concluded that Reflected-DOM XSS is:
Similarities:

The value is reflected by the target application

Characteristic… Continue reading Difference Between Reflected XSS and Reflected-DOM XSS→