Tags » XSS

XSS DOM Exploitation

As in the previous post – this post expands on the process in which you send information entered into a webpage to an attacker hosted site. 177 more words

InfoSec

Persistent XSS and how to really exploit it.

I’ve seen many tutorials over the last few months regarding the good old: alert(‘XSS’) piece of XSS, but in essence this does very little for you – it just proves that the site is vulnerable to XSS. 202 more words

InfoSec

Using a broken img tag to create an XSS alert

This is just an example and can be manipulated and played with as you please, but I keep forgetting the format and would like to quickly reference this when required – so it’s for me…it’s for you too, but it’s for me..too: :) 8 more words

InfoSec

Anatomy of an Ad-based Clickjacker

UPDATE: it looks like this issue in Safari on iOS (see below) may have been addressed by release 10.3.

Cool. So I was browsing a super cool website the other day (rollcall dot com) in Safari on an iPhone and all of a sudden this happens: 1,090 more words

ASP.NET Core vs. XSS attacks (OWASP Top 10 #3)

Using any text-based data representation format brings certain problems with it.

Let's try to build a CSV file with a list of movies, not knowing that one of them is… 805 more words

Have fun with stored cross site scripting

Actually we can do lots of different things with XSS, though we always pop up a message! Anyway, that's enough for proof of concept rather than doing more practically. 245 more words

WebApp Pentest