Tags » XSS

So You Think You're Smart, Huh?

A recent post by Rob Graham can be found at http://blog.erratasec.com/2016/02/hackers-arent-smart-people-are-stupid.html. Some may be offended by it and I can see why. But I’m in part posting this to admit to suffering from said stupidity this week … and to provide some (I think) smart advice, both specific and general, AppSec and life related.

Active XSS - Never Displaying Values from the Query String on Screen

Active XSS example – below is an example of active XSS. This is when the user themselves does something to inject malicious code into a website.


Demonstrating Cross-Site Scripting Part 2

Persistent Cross-Site Scripting Attack.

A more serious attack on a web application using XSS involves an attacker storing HTML tags permanently in a web application. The surreptitiously injected HTML tags are then rendered in a client browser without the knowledge of the browser user or the web application developer.


Demonstrating Cross-Site Scripting Part 1

What is Cross-Site Scripting?

The following is a good concise description of cross-site scripting according to Wikipedia:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.


Just Learned: Self-XSS

Have you ever tried Chrome inspector with Facebook? If so, I am sure you have seen this. This warning message is to help prevent Self-XSS scams.


WP-Comment-Rating XSS Vulnerability


#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link : http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710
#Website : 0x62626262.wordpress.com
#Linkedin : …


RSS Post Importer XSS Vulnerability


#Product : RSS Post Importer
#Exploit Author : Rahul Pratap Singh
#Version : 2.2.1
#Home page Link : https://wordpress.org/plugins/rss-post-importer/
#Website : 0x62626262.wordpress.com…