Collaborate Disseminate
While making a website I made an interesting mistake, and I’m wondering if this could be used to achieve XSS. I’ve come very close, but not quite.
I can put my user input into a string inside of a <script> tag. It looks something lik… Continue reading XSS inside of a javascript string, with unusual filter
I recently started working on adding custom code to HubSpot forms after their form is loaded via an iFrame. Initially, I was using the following code to access the iFrame to change it:
var form = window.docuemnt.querySelector("[data-r… Continue reading abiliity to change elements in HubSpot iFrame forms
I wanted to write a POC for XSS through POST method. After playing a lot with html form tags, I was finally able to construct a payload except for a single character "\n". XSS requires that character in order for it to work. Payl… Continue reading How to send a new line character "\n" through form tag in html
I am pretty sure below is an XSS attack due to no POST commands being used. Can someone please confirm and explain what attack is being performed in the code below?
Continue reading Need help determining if the following GET requests are XSS or CSRF [closed]
I have a XSS case that I would like to exploit as a proof of concept, however the payload seems to only be triggering when pasted in and not from the URL.
Basically, I have a search box which when pasting in the following XSS payloads trig… Continue reading XSS Triggers only when pasted in
I’m trying to do an XSS attack test on a website.
I am using " and <> just fine and I have managed to escape the string. Now I’m trying to send my own cookie to my server that saves it to a txt file.
I inject this code to send t… Continue reading How to bypass an XSS filter encoding single quotes?
I have started to learn about all Website Vulnerabilities lately.
today I started a scan on a school website of my town with Acunetix and it have found some Xss Bug like this:
URI was set to "onmouseover=’nv7k(91772)’bad="
The … Continue reading The input is reflected inside Javascript code between single quotes
Several answers on StackOverflow suggest that a C# object can be passed to JavaScript in ASP.NET MVC by the following:
<script type="text/javascript">
var obj = @Html.Raw(Json.Encode(Model));
</script>
This is vu… Continue reading Passing a C# object to Javascript in ASP.NET MVC
I’m building a website where users, among other things, can add embeds (YouTube, Google Forms, Airtable…) and show those embeds to other people. Embeds are snippets of HTML that can include <script> and <iframe>-tags.
It is i… Continue reading How do I safely host third-party Javascript code in an iframe?
I found a stored xss vulnerability on a comment section of a fun site and I wanted to steal cookies using xss attack.
So on my remote server I run an HTTP server with Flask using python where there is a script to steal the document.cookie … Continue reading Stored XSS cookie stealing, but a loop of redirection