Tags » XSS

Hacking Google for fun and profit

I have been doing bug bounties since September 2013(Asana was the first), participated and qualified in almost all bug bounties at least once. My bucket list had Facebook, Yahoo, Twitter, Dropbox, Github and 100+ such sites (including couple of… 615 more words

Bài 1: Kĩ thuật tấn công SQL injection và XSS (cross-site scripting)

1.    SQL injection

1.1.  SQL injection là gì?

  • SQL injection là kĩ thuật cho phép các kẻ tấn công thực hiện các lệnh thực thi SQL bất hợp pháp (mà người phát triển không lường trước được), bằng cách lợi dụng các lỗ hổng bảo mật từ dữ liệu nhập vào của các ứng dụng.
  • 1,719 more words

Cross-Site Scripting (XSS)

What is Cross-Site Scripting (XSS)?

The attacker injects their own script code into a trusted website. The website’s vulnerabilities are exposed, usually via JavaScript and sometimes via VBScript. 185 more words

Cross Scripting

Bypassing IE and Edge XSS Filters with Double Encoding

IE and Edge both uses a default XSS filter which is not powerful like the XSSAuditor(Webkit/Blink).
This is how the XSS filter is implemented.

(source: … 228 more words

Web Application Security

Cross Site Forgery Attack Prevention

What is CSRF ?

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated, CSRF exploits the trust that a site has in a user’s browser:  385 more words


XSS solution using blacklisting

What is black listing approach –
Define untrusted scripting character and encode(or remove) them from actual request


  • Many HTML features that allow scripting (e.x some part of page is generated by backend)
  • 57 more words

XSS to RCE - using WordPress as an example

Cross Site Scripting (XSS) is a type of client side vulnerability that arises when an application accepts user supplied input and makes it a part of the page without sanitizing it for malicious content. 659 more words