- LeanRookie
What is XSS? // Web Application #2
Sun Apr 23, 2017 7:09 pm
Follow me on instagram @localfileinclusion
--------------------------------------------------------------
Okay, Cross Site Scripting (XSS) is a vulnerability found in web applications, usually on forums or in search bars. XSS uses something called JavaScript. JavaScript (JS) is a high-level language. Now let's cut to the fun part: there are many types of XSS, and we're going over the 2 most famous.
-------------------------------------------------------------------------------------------------------------------------------
1. Reflective XSS (rXSS) is when you find a search bar, for example, and use a payload such as <script>alert("XSS"). That's a basic script alert payload. Now, most websites sanitize "<script", so what we could do is something called a WAF bypass, or Web Application Firewall bypass. This payload would look like "><script>alert("XSS");</script> or my favorite vector, the SVG <svg/onload=alert(xss)>
------------------------------------------------------------------------------------------------------------------------------------
2. Persistent XSS (pXSS) would be self-explanatory: it stays on that webpage. Most people would use a vector like <script>alert("document.cookie")</script>. Where would they put this, you may ask? Somewhere people click on, like a forum post or in the comments. If HTML characters aren't sanitized, you could really damage a forum.
--------------------------------------------------------------------------------------------------------------------------------------
That'll conclude this topic. The next topic will be a Mass XSS Scan tool.
Follow @localfileinclusion on Instagram for help.
Peace!
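
For the defensive side of the two cases in the post (input echoed by a search bar, input stored in a forum comment), this added example, which is not part of the original post, runs the post's payloads through a "<script" blocklist and through output encoding. The function names and the page template are hypothetical.

```javascript
// Added example; names and the page template are hypothetical.
// Payloads quoted in the post, used as test input only.
const PAYLOADS = [
  '<script>alert("XSS")',
  '"><script>alert("XSS");</script>',
  '<svg/onload=alert(xss)>',
  '<script>alert("document.cookie")</script>',
];

// The weak filter the post mentions: remove the string "<script".
function stripScriptTag(input) {
  return String(input).replace(/<script/gi, '');
}

// Output encoding for HTML text and quoted attribute values.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// A page that echoes user input in an attribute and in body text,
// as a search box (reflected) or a stored comment (persistent) would.
function renderPage(userInput, encode) {
  const v = encode(userInput);
  return `<input name="q" value="${v}"><p>Results for ${v}</p>`;
}

const count = (s, ch) => s.split(ch).length - 1;

// Conservative check: the template alone has 3 "<" and 4 double quotes.
// Any extra one means user input reached the page as markup or as a quote.
function templateIntact(html) {
  return count(html, '<') === 3 && count(html, '"') === 4;
}

// Returns the payloads that alter the page structure under a given encoder.
function payloadsThatBreak(encode) {
  return PAYLOADS.filter((p) => !templateIntact(renderPage(p, encode)));
}

console.log('blocklist:', payloadsThatBreak(stripScriptTag).length, 'of', PAYLOADS.length);
console.log('encoding: ', payloadsThatBreak(escapeHtml).length, 'of', PAYLOADS.length);
```

The blocklist leaves every payload able to change the page structure, while encoding the five HTML metacharacters at output time leaves the template intact for all of them.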