Search
Display results as :
Advanced Search
Keywords

Latest topics
Call Of Duty IWSun Apr 30, 2017 12:43 amNate
A Brief Hacking IntroSat Apr 29, 2017 11:03 amAdmin
Request Hacking Tutorials HereSat Apr 29, 2017 10:11 amNate
New GTA CarsSat Apr 29, 2017 10:10 amNate
Selling Instagram TurboSat Apr 29, 2017 10:08 amNate
Sell/Trade @H**liganSat Apr 29, 2017 10:07 amNate
Selling 2 kiks and an @Sat Apr 29, 2017 10:05 amNate
@Memcmp's Spam Bot (Project X)Mon Apr 24, 2017 1:53 pmNate
Selling OGS Kiks Mon Apr 24, 2017 1:52 pmNate

Share
View previous topicGo downView next topic
Rookie
Rookie
Posts : 5
Points : 2390
Reputation : 7
Join date : 2017-04-20
View user profile

What is XSS? // Web Application #2

on Sun Apr 23, 2017 7:09 pm
Follow me on instagram @localfileinclusion
--------------------------------------------------------------
Okay, Cross Site Scripting or (XSS) is a vulnerability found in Web Applications, Usually found on forums or (SearchBars). XSS uses something called (JavaScript). JavaScript or (JS) is a (HighLevel) Language. now let's cut to the fun part, there's many types of XSS we're going over the most famous 2
-------------------------------------------------------------------------------------------------------------------------------
1.Reflective XSS, rXSS is when you find a search bar for example and use a payload such as, <script>alert("XSS"), that's a basic script alert payload, now most websites sanitize "<script" so what we could do is something called a WAF bypass or Web Application Firewall Bypass, this payload would look like "><script>alert("XSS");</script> or my favorite vector the SVG <svg/onload=alert(xss)>
------------------------------------------------------------------------------------------------------------------------------------
2.Persistent XSS, pXSS would be self explanitory, it stays on that webpage, most people would use a vector like <script>alert("document.cookie")</script>, where would they put this you may ask? on somewhere people click on, so like a forum post, in the comment's if HTML characters aren't sanitized, you could really damage a forum
--------------------------------------------------------------------------------------------------------------------------------------
That'll conclude this topic, next topic will be a Mass XSS Scan tool.
follow @localfileinclusion on instagram for help,
Peace!
View previous topicBack to topView next topic
Permissions in this forum:
You cannot reply to topics in this forum