xss – Page 26 – WindowsTechs.com

Securing a Websocket Connection in case of XSS Vulnerability

Posted on August 15, 2021 by litzy

Goal

Authenticate the Client via HTTP Request.
Authenticate the Client’s WebSocket connection.
Prevent exploitation of WebSocket connection(when a XSS Vulnerability is present on website).

How I’m doing this
Step 1 Client visits the webs… Continue reading Securing a Websocket Connection in case of XSS Vulnerability→

jQuery 1.11.3 XSS [closed]

Posted on August 14, 2021 by Animation

I scanned my wiki site scp-tcf.wikidot.com. The scan shows there is jQuery 1.11.3. I found that jQuery version has an XSS vulnerability.
But I can’t find the code and tutorial.
I found this:
<script>$.getScript("//domain")&… Continue reading jQuery 1.11.3 XSS [closed]→

Taking html, js, css input from the user

Posted on August 12, 2021 by RedZ

We are building a multitenancy web app with Laravel (+Blade), each user can create a store (tenancy), and have a control panel where they can edit the store settings and styling, to edit the store styling, we thought about letting the user… Continue reading Taking html, js, css input from the user→

Bypass <> XSS , site translate tags

Posted on August 11, 2021 by sudofarhad

I am working on site which returns URL’s argument into <title>URL ARGUMENT</title>, I am trying to bypass XSS filter but in response site just filter any of < > , # , " , ‘ , & this characters.
for example this i… Continue reading Bypass <> XSS , site translate tags→

Flask XSS prevention

Posted on August 10, 2021 by Steagee

I’m trying to fix a possible XSS vulnerability in WebApp (Flask) and I’m not sure what is the best way to prevent XSS without breaking functionality. For example, I have the following code block:
…
messages = db.execute("SELECT … Continue reading Flask XSS prevention→

Exploit an XSS without <> and valid encoding

Posted on August 10, 2021 by BeginnerDon'tExpert

I’m making a web penetration test, so I trying to exploit a XSS, I’ve looked that if I use a payload like the following:
<script>alert(document.domain)</script>

The output in the page will be
<script>alert(docume… Continue reading Exploit an XSS without <> and valid encoding→

How to exploit jquery vulnerability of website using older version of jquery?

Posted on August 5, 2021 by M Tabarik Asif

I got stuck on a jquery a vulnerability in a site (that I founded through an automatic scan). That site is using an old version of jquery which is vulnerable. But I don’t know how to exploit that vulnerability. The vulnerability is cve-202… Continue reading How to exploit jquery vulnerability of website using older version of jquery?→

Is it still XSS if it requires user input?

Posted on August 4, 2021 by Xss_is_fun

I have a web app which displays what I enter in an <input> field back as HTML, but it happens all client-side in the DOM after manual input, so it can’t be made into a URL which causes a payload to execute automatically.
For example,… Continue reading Is it still XSS if it requires user input?→

Is it better to disable X-XSS-Protection header or set the header as X-XSS-Protection: 0?

Posted on August 3, 2021 by user187205

Because X-XSS-Protection header is now not supported by major browsers I wonder what option is better, to delete this header or to set the header as X-XSS-Protection: 0?

Because browsers do not support this header I think the better optio… Continue reading Is it better to disable X-XSS-Protection header or set the header as X-XSS-Protection: 0?→

How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?

Posted on August 1, 2021 by Heimdall79

"Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use… Continue reading How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?→