Tags » XSS

XSS DOM Exploitation

As in the previous post – this post expands on the process in which you send information entered into a webpage to an attacker-hosted site.


Persistent XSS and how to really exploit it.

I’ve seen many tutorials over the last few months regarding the good old: alert(‘XSS’) piece of XSS, but in essence this does very little for you – it just proves that the site is vulnerable to XSS.


Using a broken img tag to create an XSS alert

This is just an example and can be manipulated and played with as you please, but I keep forgetting the format and would like to quickly reference this when required – so it’s for me…it’s for you too, but it’s for me..too: :)


Anatomy of an Ad-based Clickjacker

UPDATE: it looks like this issue in Safari on iOS (see below) may have been addressed by release 10.3.

Cool. So I was browsing a super cool website the other day (rollcall dot com) in Safari on an iPhone and all of a sudden this happens:

ASP.NET Core vs. XSS Attacks (OWASP Top 10 #3)

Using any text-based data representation format brings certain problems with it.

Let's try to build a CSV file with a list of films without knowing that one of them is…

Have fun with stored cross site scripting

Actually, we can do lots of different things with XSS, though we always pop up a message! Anyway, that’s enough for proof of concept rather than doing something more practical.

WebApp Pentest