appsec.fyi

A somewhat curated list of links to various topics in application security.

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

From OWASP

Item | Date Added | Link | Excerpt
1 | 2025-08-14 04:07:30 UTC | Hunting Blind XSS on the Large Scale — Practical Techniques | The content discusses practical techniques for identifying Blind Cross-Site Scripting (XSS) vulnerabilities on a large scale. Blind XSS occurs when the attacker cannot directly observe the effects of their injected script. The article likely provides strategies for detecting and exploiting Blind XSS vulnerabilities efficiently and effectively across numerous web applications or platforms.
2 | 2025-08-14 04:07:28 UTC | Mass Hunting Blind XSS Using XSSHunter Express Part 1 | The content appears to be about using XSSHunter Express for mass hunting blind XSS vulnerabilities. It seems to be part of a series focusing on this topic. The content is concise and does not provide specific details or insights beyond the title.
3 | 2025-08-14 04:07:24 UTC | A Bunch of Web and XSS Challenges | The content mentions a collection of challenges related to web and Cross-Site Scripting (XSS) vulnerabilities. It implies that there are various tasks or problems in this domain that users can engage with to test their skills and knowledge. The challenges likely involve identifying, exploiting, or mitigating web vulnerabilities, particularly XSS issues.
4 | 2025-08-14 04:07:22 UTC | JS-Tap: Weaponizing JavaScript for Red Teams | The content is about JS-Tap, a tool that leverages JavaScript for Red Teams. It focuses on using JavaScript for offensive security purposes, such as penetration testing and ethical hacking. The tool is designed to help Red Teams enhance their capabilities in assessing and improving the security posture of organizations. By weaponizing JavaScript, Red Teams can simulate real-world cyber threats and identify vulnerabilities in systems and networks.
5 | 2025-08-14 04:07:14 UTC | https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226e | The content discusses a technique to bypass character limits in Cross-Site Scripting (XSS) attacks using a spanned payload. By breaking the payload into smaller parts and using HTML span tags, attackers can evade character restrictions imposed by input fields, allowing them to execute malicious scripts on vulnerable websites. This method enables the injection of longer payloads while avoiding detection, making it a valuable tool for attackers seeking to exploit XSS vulnerabilities.
6 | 2025-08-14 04:07:00 UTC | Exploit Notes | The content provided is simply the title "Exploit Notes" without any additional information or context. It appears to be a placeholder or a heading for a document or notes related to exploiting vulnerabilities or weaknesses in a system or software. Without further details, it is unclear what specific information or insights the "Exploit Notes" may contain.
7 | 2025-08-14 04:06:47 UTC | https://medium.com/bugbountywriteup/chaining-self-xss-with-ui-redressing-is-leading-to-session-hijacking-pwn-users-like-a-boss-efb46249cd14?source=userActivityShare-90814179aa21-1524844320 | The content discusses a security vulnerability involving chaining self-cross-site scripting (XSS) with UI redressing, leading to session hijacking. By exploiting this vulnerability, attackers can manipulate user interfaces to trick users into performing actions that compromise their accounts. The article details how this technique can be used to gain unauthorized access to user sessions and provides insights on how to prevent such attacks.
8 | 2025-08-14 04:06:41 UTC | https://medium.com/@yassergersy/xss-to-session-hijack-6039e11e6a81?source=userActivityShare-90814179aa21-1523676165 | The content discusses how a Cross-Site Scripting (XSS) vulnerability can be exploited to hijack user sessions. It explains the process of injecting malicious scripts into a website to steal session cookies, allowing an attacker to impersonate the victim. The article emphasizes the importance of preventing XSS attacks through proper input validation and output encoding. It also highlights the significance of using secure coding practices to protect against session hijacking and other security threats.
9 | 2025-08-14 04:06:37 UTC | XSS Cheat Sheet - Brute XSS | The content is a brief mention of an XSS Cheat Sheet focusing on Brute XSS attacks. XSS (Cross-Site Scripting) is a type of security vulnerability commonly found in web applications. Brute XSS refers to a method of attacking web applications by repeatedly trying different XSS payloads to exploit vulnerabilities. The mention of a cheat sheet implies a resource that likely contains a collection of XSS payloads and techniques that can be used for testing and exploiting XSS vulnerabilities in web applications.
10 | 2025-08-14 04:06:35 UTC | ssl/ezXSS: ezXSS is an easy way for penetration testers and bug bounty hunt | The content mentions "ssl/ezXSS," a tool called ezXSS designed for penetration testers and bug bounty hunters. It is described as an easy-to-use solution for these professionals to identify security vulnerabilities and weaknesses in web applications. The tool likely assists in finding cross-site scripting (XSS) vulnerabilities, a common security issue in web applications.
11 | 2025-08-14 04:06:26 UTC | XSStrike - Detect and exploit XSS vulnerabilites - Hack4Net ☠ | XSStrike is a tool designed to detect and exploit cross-site scripting (XSS) vulnerabilities. It is used for testing the security of web applications by identifying and exploiting XSS weaknesses. XSStrike is a valuable resource for cybersecurity professionals and ethical hackers to assess and strengthen the security of websites and web applications. The tool is available on Hack4Net, a platform that provides various hacking tools and resources. XSStrike's capabilities include scanning for XSS vulnerabilities and executing attacks to demonstrate potential risks to website owners and developers.
12 | 2025-08-14 04:06:14 UTC | Browser's XSS Filter Bypass Cheat Sheet (Masatokinugawa / filterbypass wiki) | The content is a reference to a cheat sheet created by Masatokinugawa on the filterbypass wiki, detailing techniques to bypass XSS (Cross-Site Scripting) filters implemented in web browsers. This cheat sheet likely contains methods and tricks to evade or circumvent security measures designed to prevent malicious script injections on websites. It serves as a resource for individuals interested in understanding and potentially exploiting vulnerabilities in XSS filters for security testing or research purposes.
13 | 2025-08-14 04:06:11 UTC | XSSer automated framework to detect, exploit and report XSS vulnerabilities | XSSer is an automated framework designed to identify, exploit, and report cross-site scripting (XSS) vulnerabilities. It streamlines the process of detecting and exploiting XSS vulnerabilities, making it easier for security professionals to identify and address these issues efficiently. By automating these tasks, XSSer helps enhance the security of web applications by identifying potential vulnerabilities and providing reports on them.
14 | 2025-08-14 04:06:09 UTC | XSSight - Automated XSS Scanner And Payload Injector - GBHackers On Securit | XSSight is an automated XSS scanner and payload injector featured on GBHackers On Security. It is a tool designed to detect and exploit cross-site scripting vulnerabilities in web applications. XSSight streamlines the process of identifying XSS flaws and injecting payloads to test the security of websites. This tool can help security professionals and ethical hackers in finding and addressing XSS vulnerabilities efficiently.
15 | 2025-08-14 04:06:07 UTC | https://sql--injection.blogspot.co.uk: XSS Cheat Sheet | The content is an XSS (Cross-Site Scripting) Cheat Sheet available on a blog dedicated to SQL injection. XSS is a type of security vulnerability found in web applications that allows attackers to inject malicious scripts into web pages viewed by other users. The cheat sheet likely contains a list of common XSS attack vectors and techniques to help security professionals and developers understand and prevent XSS vulnerabilities in their applications. The blog seems to be a resource for information on web security topics like SQL injection and XSS.
16 | 2025-08-14 04:06:01 UTC | xss-polyglots | The content provided is a title "xss-polyglots" without any additional information or context. It seems to refer to cross-site scripting (XSS) polyglots, which are payloads that can execute in multiple contexts or languages. The term may relate to security testing, web development, or cybersecurity.
17 | 2025-08-14 04:05:57 UTC | asp.net - Bypass XSS blacklist "", "&" input nvarchar - Stack Overflow | The content discusses bypassing a Cross-Site Scripting (XSS) blacklist in ASP.NET by manipulating input containing characters like "", "&" when using the nvarchar data type. This issue was raised on Stack Overflow. The focus is on circumventing security measures to execute XSS attacks by exploiting vulnerabilities in the input handling process.
18 | 2025-08-14 04:05:55 UTC | Stealing passwords from McDonald's users - Tijme Gommers | The content provided is a title mentioning the act of stealing passwords from McDonald's users, attributed to Tijme Gommers. It implies that there may be a security breach or unethical behavior targeting McDonald's customers' passwords. The summary is concise and does not provide further details or context about the incident.
19 | 2025-08-14 04:05:53 UTC | tunz/js-vuln-db: A collection of JavaScript engine CVEs with PoCs | "tunz/js-vuln-db" is a repository that contains a collection of Common Vulnerabilities and Exposures (CVEs) related to JavaScript engines, along with Proof of Concepts (PoCs). This resource is likely designed to provide a centralized location for researchers and developers to access information about vulnerabilities in JavaScript engines and explore practical demonstrations of these vulnerabilities.
20 | 2025-08-14 04:05:41 UTC | Uber Bug Bounty: Turning Self-XSS into Good-XSS – Jack Whitton | The content appears to be about a bug bounty program at Uber where a security researcher named Jack Whitton discovered a way to turn a Self-XSS (Self Cross-Site Scripting) vulnerability into a Good-XSS (Cross-Site Scripting) vulnerability. This likely involves Whitton responsibly disclosing the vulnerability to Uber through their bug bounty program, highlighting the importance of ethical hacking practices and responsible disclosure to improve cybersecurity.
21 | 2025-08-14 04:05:39 UTC | Cross-Site Script Inclusion - A Fameless but Widespread Web Vulnerability C | The content discusses Cross-Site Script Inclusion (XSSI) as a prevalent web vulnerability despite being less known. XSSI poses a security risk by allowing attackers to include external scripts on a website, potentially leading to various malicious activities. This vulnerability is widespread and can be exploited to compromise user data and breach security measures on websites. It emphasizes the importance of addressing XSSI vulnerabilities to enhance web security and protect against potential cyber threats.
22 | 2025-08-14 04:05:33 UTC | The misunderstood X-XSS-Protection | The content seems to focus on the X-XSS-Protection header, which is a security feature designed to mitigate cross-site scripting (XSS) attacks on websites. However, the content itself is very brief and lacks specific details or explanations about the misunderstood aspects of the X-XSS-Protection header. It suggests that there may be misconceptions or confusion surrounding this security measure.
23 | 2025-08-14 04:05:29 UTC | XSS Hunter | XSS Hunter is a tool used for detecting cross-site scripting (XSS) vulnerabilities in web applications. It helps security professionals identify and remediate XSS vulnerabilities by simulating attacks and capturing exploit attempts. XSS Hunter assists in understanding how attackers can exploit XSS vulnerabilities and provides insights into potential security weaknesses in web applications. By using XSS Hunter, security teams can proactively address XSS vulnerabilities and enhance the overall security posture of their web applications.
24 | 2025-08-14 04:05:21 UTC | Cross Site Scripting Payloads ≈ Packet Storm | The content is brief and mentions "Cross Site Scripting Payloads" in relation to Packet Storm. It suggests that there may be a collection of Cross Site Scripting payloads available on the Packet Storm platform. This indicates that users can potentially access a variety of scripts designed to exploit Cross Site Scripting vulnerabilities.
25 | 2025-08-14 04:05:18 UTC | Accurate XSS Detection with BurpSuite and PhantomJS - nVisium Blog | The content is about using BurpSuite and PhantomJS for accurate XSS detection, as discussed in a blog post by nVisium. These tools can help identify and prevent cross-site scripting vulnerabilities effectively. By combining the features of BurpSuite and PhantomJS, security professionals can enhance their ability to detect XSS issues in web applications. The blog post likely provides insights, tips, and techniques on how to leverage these tools for improved security testing and mitigation of XSS vulnerabilities.
26 | 2025-08-14 04:05:09 UTC | http://wocares.com/xsstester.php | The content provided is a URL link to a website called "http://wocares.com/xsstester.php". The website appears to be an XSS (Cross-Site Scripting) tester, a tool used to detect vulnerabilities in web applications that could potentially be exploited by attackers. XSS vulnerabilities can allow malicious users to inject scripts into web pages viewed by other users. It is important for website owners and developers to regularly test for XSS vulnerabilities to ensure the security of their web applications.
27 | 2025-08-14 04:05:05 UTC | web application - Cross Site Scripting without special chars - Information | The content discusses Cross Site Scripting (XSS) in web applications without the use of special characters. XSS is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. By exploiting this vulnerability without special characters, attackers can still execute harmful scripts. It is crucial for web developers to be aware of this issue and implement proper security measures to prevent XSS attacks, even without the use of special characters.
28 | 2025-08-14 04:05:04 UTC | mandatoryprogrammer/xssless: An automated XSS payload generator written in | The content mentions "mandatoryprogrammer/xssless," which is an automated XSS payload generator. It is written in a programming language but does not specify which one. The tool is likely designed to assist in generating XSS payloads automatically, which can be useful for testing web applications for cross-site scripting vulnerabilities.
29 | 2025-08-14 04:05:01 UTC | Collection of Cross-Site Scripting (XSS) Payloads ~ SmeegeSec | The content is a collection of Cross-Site Scripting (XSS) payloads compiled by SmeegeSec. XSS payloads are scripts injected into web applications to exploit vulnerabilities and execute malicious actions. This collection likely contains various XSS payloads that can be used for testing and understanding how XSS attacks work. It serves as a resource for security professionals and developers to enhance their knowledge of XSS vulnerabilities and prevention techniques.
30 | 2025-08-14 04:04:55 UTC | What is Cross-site Scripting and How Can You Fix it? | Cross-site scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages viewed by other users. This can lead to theft of sensitive data or unauthorized actions. To fix XSS, developers should validate and sanitize user input, encode output data, use security headers, and employ Content Security Policy (CSP). Regular security audits and staying informed about the latest XSS techniques are also crucial. Preventing XSS requires a combination of secure coding practices, proper input validation, and ongoing vigilance to protect web applications from this common attack vector.
31 | 2025-08-14 04:04:53 UTC | www.vulnerability-lab.com/resources/documents/531.txt | The content provided is a URL link to a text document hosted on the vulnerability-lab website. The document itself is not included in the request, so the specific information it contains is unknown. It is important to exercise caution when accessing such links, as they may contain sensitive or potentially harmful information related to vulnerabilities or security issues.
32 | 2025-08-14 04:04:52 UTC | Using Javascript in CSS - Stack Overflow | The content seems to be a brief mention of using JavaScript in CSS on Stack Overflow. It suggests that JavaScript can be utilized within CSS on the Stack Overflow platform. However, the summary lacks specific details or explanations about how JavaScript can be integrated into CSS on Stack Overflow.
33 | 2025-08-14 04:04:47 UTC | XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP | The content is an XSS (Cross Site Scripting) Prevention Cheat Sheet provided by the Open Web Application Security Project (OWASP). It likely contains guidelines, best practices, and techniques to prevent XSS attacks on web applications. OWASP is a well-known organization that focuses on improving the security of software. The cheat sheet is a concise resource that developers can refer to for preventing XSS vulnerabilities in their web applications.
34 | 2025-08-14 04:04:39 UTC | Lab: Reflected DOM XSS | Web Security Academy | The content is about a lab exercise on Reflected DOM XSS in the Web Security Academy. This lab likely involves practicing identifying and exploiting reflected DOM-based cross-site scripting vulnerabilities. It provides hands-on experience for learners to understand how these vulnerabilities can be used by attackers to manipulate the Document Object Model (DOM) of a web page. The focus is on enhancing web security skills by learning how to prevent and mitigate such vulnerabilities.
35 | 2025-08-14 04:04:35 UTC | Training XSS Muscles | The content is very brief and lacks specific information. It appears to refer to training in Cross-Site Scripting (XSS) techniques, a common web security vulnerability. XSS attacks involve injecting malicious scripts into web pages viewed by other users. Training in XSS helps individuals understand how these attacks work and how to prevent them. It is crucial for web developers, security professionals, and anyone involved in web application security to be aware of XSS vulnerabilities and how to mitigate them effectively.
36 | 2025-08-14 04:04:15 UTC | xss-payload-list/xss-payload-list.txt at master · payloadbox/xss-payload-li | The content appears to be a reference to a file named "xss-payload-list.txt" within a GitHub repository called "xss-payload-list" under the user "payloadbox." It seems to be related to cross-site scripting (XSS) payloads. The file may contain a list of XSS payloads or related information.
37 | 2025-08-14 04:04:03 UTC | https://github.com/terjanq/Tiny-XSS-Payloads | The provided link leads to a GitHub repository named "Tiny-XSS-Payloads" created by terjanq. The repository likely contains a collection of small XSS (Cross-Site Scripting) payloads that can be used for testing and educational purposes. XSS vulnerabilities are a common security issue on websites, and having a repository of such payloads can help developers understand and prevent these vulnerabilities. It is recommended to explore the repository for more details on the specific payloads and their usage.
38 | 2025-08-14 04:04:01 UTC | Documenting the impossible: Unexploitable XSS labs | PortSwigger Research | The content is about "Unexploitable XSS labs" by PortSwigger Research. It likely discusses the challenges of documenting and dealing with XSS vulnerabilities that are deemed unexploitable. The article may explore the complexities of identifying and mitigating XSS flaws that are difficult to exploit, highlighting the importance of thorough documentation and research in cybersecurity practices.
39 | 2025-08-14 04:03:59 UTC | $20000 Facebook DOM XSS : Vinoth Kumar | The content appears to be a brief mention of a $20,000 reward offered by Facebook for discovering a DOM XSS vulnerability. The discovery was made by Vinoth Kumar. This type of vulnerability can allow attackers to manipulate a website's content and potentially compromise user data.
40 | 2025-08-14 04:03:57 UTC | https://link.medium.com/ou6vRdq313 | (no excerpt)
41 | 2025-08-14 04:03:53 UTC | https://brutelogic.com.br/blog/testing-for-xss-like-a-knoxss/ | The content discusses testing for Cross-Site Scripting (XSS) vulnerabilities using a tool called Knoxss. It explains how Knoxss can automate the process of finding XSS vulnerabilities in web applications by analyzing input fields and responses. The tool can help identify potential security weaknesses and provide detailed reports to assist in fixing these issues. The article highlights the importance of proactive XSS testing to enhance the security of web applications and prevent malicious attacks. It also emphasizes the significance of continuous monitoring and testing to ensure robust protection against XSS vulnerabilities.
42 | 2025-08-14 04:03:51 UTC | https://research.securitum.com/xss-in-amp4email-dom-clobbering/ | The content discusses a security vulnerability known as XSS in AMP4Email through DOM clobbering. It explains how attackers can exploit this vulnerability to manipulate the Document Object Model (DOM) and execute malicious scripts in the context of the email client. The article provides technical details on how this attack works, including a step-by-step explanation of the exploit. It emphasizes the importance of understanding and mitigating such vulnerabilities to protect users from potential security risks associated with email clients that support AMP (Accelerated Mobile Pages) technology.
43 | 2025-08-14 04:03:49 UTC | Cross-Site Scripting (XSS) Cheat Sheet - 2023 Edition | Web Security Academ | The content is a Cross-Site Scripting (XSS) Cheat Sheet for 2023 from Web Security Academy. It likely provides valuable information and resources related to XSS vulnerabilities, prevention techniques, and best practices for web security. The cheat sheet is likely designed to assist developers and security professionals in understanding and mitigating XSS risks in web applications.
44 | 2025-08-14 04:03:47 UTC | Sponsor payloadbox/xss-payload-list | The content is a sponsorship message for the GitHub repository "payloadbox/xss-payload-list." This indicates that someone has financially supported the maintenance and development of this repository. The repository likely contains a list of XSS payloads used for testing and security purposes.
45 | 2025-08-14 04:03:45 UTC | https://ryanwise.me/intigriti-xss-challenge/ | The content appears to be a link to a webpage related to an XSS challenge hosted on the website ryanwise.me. The challenge likely involves testing for cross-site scripting vulnerabilities. It may provide an opportunity for participants to practice their skills in identifying and exploiting XSS issues. Participants can engage with the challenge to enhance their understanding of web security and potentially earn rewards or recognition for successfully completing the challenge.
46 | 2025-08-14 04:03:41 UTC | https://sylarsec.com/2018/12/09/show-me-thy-xss-abilities-polyglot/ | The content discusses cross-site scripting (XSS) vulnerabilities and polyglot payloads that can exploit them. It explores the concept of polyglot payloads, which are code snippets that can be interpreted differently by multiple programming languages, making them versatile for XSS attacks. The article provides examples of polyglot payloads and demonstrates how they can be used to bypass security measures and execute malicious scripts on vulnerable websites. It emphasizes the importance of understanding XSS vulnerabilities and using secure coding practices to prevent such attacks.
47 | 2025-08-14 04:03:39 UTC | Making XSS a bit more discoverable with KNOXSS - INFOSEC DIARIES – AN INTRO | The content discusses using KNOXSS to enhance the discoverability of Cross-Site Scripting (XSS) vulnerabilities. KNOXSS is a tool that aids in identifying XSS vulnerabilities, making them more visible to security researchers. The article serves as an introduction to KNOXSS and its role in improving XSS detection within the realm of information security.
48 | 2025-08-14 04:03:37 UTC | https://labs.nettitude.com/blog/cross-site-scripting-xss-payload-generator/ | The content discusses a Cross-Site Scripting (XSS) payload generator tool available on the Nettitude Labs website. It explains how the tool can be used to create custom XSS payloads for testing and identifying vulnerabilities in web applications. The tool allows users to generate different types of XSS payloads, including those for bypassing filters and executing malicious scripts. The article emphasizes the importance of using such tools responsibly and ethically to enhance security practices and protect against XSS attacks.
49 | 2025-08-14 04:03:35 UTC | https://ardern.io/2019/06/20/payload-bxss/ | (no excerpt)
50 | 2025-08-14 04:03:33 UTC | https://sametsahin.net/posts/steal-csrf-tokens-with-simple-xss/ | The content discusses how Cross-Site Scripting (XSS) attacks can be used to steal Cross-Site Request Forgery (CSRF) tokens. By injecting malicious scripts into a vulnerable website, attackers can execute code on a victim's browser to retrieve CSRF tokens and perform unauthorized actions on behalf of the victim. The article highlights the importance of securing web applications against XSS vulnerabilities to prevent such attacks and protect user data. It emphasizes the need for developers to implement proper security measures to mitigate the risk of CSRF token theft through XSS exploits.
51 | 2025-08-14 04:03:25 UTC | https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md | The content on the provided link contains a list of XSS payloads that can be used without parentheses. These payloads are designed to exploit vulnerabilities in web applications by injecting malicious scripts. The payloads are categorized based on their functionality, such as alerting messages, executing code, or bypassing filters. The list provides a variety of examples that can be used by security researchers and developers to test the security of their web applications and understand how XSS attacks can be carried out without the use of parentheses.
52 | 2025-08-14 04:03:23 UTC | https://link.medium.com/Ofelq8VpvV | (no excerpt)
53 | 2025-08-14 04:03:21 UTC | https://link.medium.com/PuuLikMpvV | (no excerpt)
54 | 2025-08-14 04:03:15 UTC | https://portswigger.net/blog/xss-in-hidden-input-fields | The blog discusses how hidden input fields in web forms can be exploited for cross-site scripting (XSS) attacks. It explains how attackers can inject malicious scripts into hidden fields, which are not visible to users but can still execute when the form is submitted. This vulnerability can be used to steal sensitive information or perform unauthorized actions on behalf of the user. The article highlights the importance of validating and sanitizing all input fields, including hidden ones, to prevent XSS attacks.
55 | 2025-08-14 04:02:57 UTC | DOM XSS Intro | The content is a brief introduction to DOM-based Cross-Site Scripting (XSS) without providing specific details or explanations. DOM XSS is a type of XSS attack that occurs when client-side scripts manipulate the Document Object Model (DOM) in a way that allows malicious scripts to be executed in a victim's browser. This summary captures the essence of the topic without delving into further details or examples.
56 | 2025-08-14 04:02:55 UTC | Reflected XSS via AngularJS Template Injection | Hostinger | The content title mentions "Reflected XSS via AngularJS Template Injection" on Hostinger. This indicates a security vulnerability where attackers can inject malicious code into AngularJS templates, leading to cross-site scripting (XSS) attacks. The vulnerability allows attackers to execute scripts in the context of a user's browser, potentially compromising sensitive data or performing unauthorized actions on the affected website. It highlights the importance of securing web applications against such vulnerabilities to prevent exploitation and protect user data.
57 | 2025-08-14 04:02:33 UTC | https://medium.com/bugbountywriteup/how-i-found-a-xss-vulnerability-within-the-response-field-64a3b7d159ed?source=userActivityShare-90814179aa21-1528434838 | The content discusses how a security researcher discovered a cross-site scripting (XSS) vulnerability within a response field. The researcher explains the steps taken to identify and exploit the vulnerability, highlighting the importance of thorough testing and responsible disclosure. The article serves as a valuable resource for understanding XSS vulnerabilities and the process of reporting them for responsible disclosure.
58 | 2023-12-20 04:03:21 UTC | XSSRF : The Matrimony of XSS and SSRF. | The content discusses the concept of XSSRF, which is the combination of Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF). This fusion poses a significant security risk by allowing attackers to manipulate server requests through XSS vulnerabilities. The term "matrimony" is used metaphorically to describe the dangerous union of these two attack vectors. The link provided likely leads to further information or resources on this topic.
59 | 2023-12-05 04:24:21 UTC | A Bunch of Web and XSS Challenges | The content discusses a collection of web and XSS challenges available at the provided link. These challenges likely involve testing and improving skills related to web security and cross-site scripting (XSS) vulnerabilities. Participants can engage with these challenges to enhance their understanding of web security practices and techniques. The challenges may offer practical scenarios for individuals to practice identifying and mitigating XSS vulnerabilities, a common threat in web applications. By participating in these challenges, individuals can develop their skills in securing web applications against potential attacks.
60 | 2023-11-02 16:23:13 UTC | JS-Tap: Weaponizing JavaScript for Red Teams | The content discusses JS-Tap, a tool that enables Red Teams to weaponize JavaScript for offensive security purposes. It allows for the creation of custom payloads and scripts to aid in penetration testing and security assessments. By leveraging JavaScript's capabilities, Red Teams can develop powerful tools for testing the security of systems and networks. This tool provides a valuable resource for security professionals looking to enhance their offensive security capabilities using JavaScript.
61 | 2023-10-31 12:47:38 UTC | ssrf | The content is a brief mention of "ssrf" with a link provided: https://ift.tt/vybYKpI. The acronym "ssrf" typically stands for Server-Side Request Forgery, a type of web security vulnerability. The link appears to lead to a specific resource related to ssrf, but without further context, the exact nature of the content is unclear.
62 | 2023-08-19 02:43:44 UTC | Gxss v3.0 | The content mentions Gxss v3.0 without providing any specific details. It appears to be a reference or link to version 3.0 of a software or product named Gxss. The link provided is https://ift.tt/MB4c2AJ. Further information about the features, updates, or purpose of Gxss v3.0 is not included in the content.
63 | 2023-03-17 11:58:30 UTC | Bypassing Character Limit - XSS Using Spanned Payload | The content discusses bypassing character limits in XSS attacks by using a spanned payload. It suggests a method to circumvent restrictions on the length of input in XSS attacks by utilizing a span element. This technique allows attackers to inject malicious code beyond the usual character limits imposed by security measures. By exploiting this vulnerability, hackers can potentially execute harmful scripts on vulnerable websites.
64 | 2023-03-16 21:33:23 UTC | XSS-Payloads | The content titled "XSS-Payloads" likely provides a collection or repository of cross-site scripting (XSS) payloads. These payloads are commonly used in security testing to identify vulnerabilities in web applications. The link provided, https://ift.tt/H9f1Xeh, likely leads to a website or resource where users can access and utilize various XSS payloads for testing purposes. This content is valuable for security professionals, developers, and individuals interested in understanding and mitigating XSS vulnerabilities in web applications.
65 | 2023-02-14 04:48:41 UTC | Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability | The content is a beginner's guide on exploiting Server Side Request Forgery (SSRF) vulnerabilities. SSRF is a type of security vulnerability that allows attackers to manipulate a server into making unauthorized requests on their behalf. The guide likely covers how SSRF vulnerabilities can be exploited, the potential risks they pose, and possibly includes steps or techniques for exploiting SSRF vulnerabilities. It aims to educate readers on this specific type of vulnerability and how it can be used by malicious actors to compromise systems.
652023-02-14 04:48:41 UTCBeginner Guide To Exploit Server Side Request Forgery (SSRF) VulnerabilityThe content is a beginner's guide on exploiting Server Side Request Forgery (SSRF) vulnerabilities. SSRF is a type of security vulnerability that allows attackers to manipulate a server into making unauthorized requests on their behalf. The guide likely covers how SSRF vulnerabilities can be exploited, the potential risks they pose, and possibly includes steps or techniques for exploiting SSRF vulnerabilities. It aims to educate readers on this specific type of vulnerability and how it can be used by malicious actors to compromise systems.
662023-01-30 05:45:10 UTCThe XSS hunter's secret weaponThe content discusses a secret weapon for XSS hunters, which can be found at bxsshunter.com. This tool likely provides valuable resources or techniques for identifying and mitigating cross-site scripting (XSS) vulnerabilities. XSS hunters are individuals who search for and report XSS vulnerabilities in web applications to help improve security. The website mentioned may offer specialized tools or insights to aid XSS hunters in their work.
672023-01-30 05:45:09 UTCXssThe content provided is a link to a website named "XSS Report." The website likely focuses on cross-site scripting (XSS) vulnerabilities, a common security issue in web applications. XSS allows attackers to inject malicious scripts into web pages viewed by other users. The website may offer information, resources, or tools related to identifying and mitigating XSS vulnerabilities to help website owners secure their platforms against such attacks.
682021-04-11 16:20:23 UTCDigging Deep Into Dom XSSThe content provided is titled "Digging Deep Into Dom XSS" and only includes an introduction. The introduction likely sets the stage for discussing DOM-based Cross-Site Scripting (XSS) vulnerabilities. This type of vulnerability occurs when client-side scripts manipulate the Document Object Model (DOM) in an insecure way, allowing attackers to inject malicious scripts. The introduction may highlight the importance of understanding and mitigating DOM XSS vulnerabilities to protect web applications from exploitation.
692021-04-07 12:23:37 UTCThe Ultimate Guide to Finding and Escalating XSS Bugs | @BugcrowdThe content discusses Cross-Site Scripting (XSS), a prevalent vulnerability in web applications where attackers execute JavaScript in users' browsers. XSS severity varies from informative to critical. It is a dynamic bug class with significant implications.
702021-03-07 12:12:31 UTCGitHub - theinfosecguy/QuickXSS: Automating XSS using BashThe content discusses a GitHub repository called QuickXSS, created by theinfosecguy, which focuses on automating Cross-Site Scripting (XSS) using Bash scripting. Users can contribute to the development of this project by creating an account on GitHub.
712021-02-16 04:06:22 UTCRenwaX23/XSSTRON: Electron JS Browser To Find XSS Vulnerabilities AutomaticRenwaX23/XSSTRON is an Electron JS browser designed to automatically detect XSS vulnerabilities. It is available on GitHub for public access. The tool aims to streamline the process of identifying XSS vulnerabilities by leveraging Electron JS technology.
722021-02-14 06:12:32 UTCStored XSS in icloud.com — $5000The content does not provide any information related to a stored XSS vulnerability on icloud.com or the associated reward of $5000. It simply contains a casual greeting wishing well-being during difficult times.
732021-01-24 05:38:01 UTCHow JavaScript works: 5 types of XSS attacks + tips on preventing themThe content discusses five types of XSS (Cross-Site Scripting) attacks in JavaScript and provides tips on preventing them. It is part of a series exploring JavaScript and its components. The focus is on understanding the vulnerabilities that can be exploited through XSS attacks and offering preventive measures to enhance security.
742021-01-24 05:25:07 UTCStealing User Information Via XSS Via Parameter PollutionThe content does not provide any information beyond the mention of a tweet appearing in the author's news feed.
752020-06-15 12:43:43 UTC$20000 Facebook DOM XSS : Vinoth KumarThe content discusses a Facebook vulnerability related to DOM XSS, discovered by Vinoth Kumar, which could potentially lead to a $20,000 reward. It highlights the safe usage of the window.postMessage() method for cross-origin communication between Window objects. The post encourages further reading on postMessage and cross-domain communication through provided articles.
762020-06-06 13:37:07 UTCTop 500 Most Important XSS Cheat Sheet for Web Application PentestingThe content discusses the significance of Cross-Site Scripting (XSS) vulnerabilities in web applications and introduces the Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting. XSS is a prevalent vulnerability that can be exploited widely. The cheat sheet likely contains essential information and techniques for identifying and mitigating XSS vulnerabilities during penetration testing.
772020-04-06 04:45:02 UTCUber Bug Bounty: Turning Self-XSS into Good-XSS – Jack WhittonThe content discusses the Uber Bug Bounty program and the concept of turning Self-XSS (Self Cross-Site Scripting) into Good-XSS. It highlights the importance of bug bounty programs in enhancing application security by incentivizing ethical hackers to identify and report vulnerabilities. The focus is on utilizing vulnerabilities like Self-XSS for positive outcomes, such as improving security measures. The article emphasizes the role of bug bounties in fostering a collaborative approach to cybersecurity and encourages ethical hacking practices to strengthen application security.
782020-04-04 21:04:32 UTCs0md3v/XSStrike: Most advanced XSS scanner.The content highlights XSStrike as an advanced XSS scanner available for contribution on GitHub by s0md3v. It is a tool designed to detect and prevent cross-site scripting vulnerabilities. Users can access and contribute to its development by creating an account on the GitHub platform.
792020-02-27 12:18:30 UTCXSS Cheat Sheet - Brute XSSThe XSS Cheat Sheet - Brute XSS is a comprehensive 40-page booklet containing over 100 Cross-Site Scripting payloads and techniques. It offers clear instructions for various scenarios to assist in dealing with modern XSS attacks effectively.
80 | 2020-02-24 12:12:45 UTC | Open-redirect to Account Takeover. | The content discusses the author's first bug discovery, where they leveraged an open redirect vulnerability to achieve an Account Takeover. The author aims to share their experience and insights on how they escalated the open redirect issue to a more severe security breach.
81 | 2020-02-14 14:50:44 UTC | Samesite by Default and What It Means for Bug Bounty Hunters | The blog post discusses the impact of the "SameSite by Default" attribute on bug bounty hunters. It highlights how this attribute affects the security landscape and the challenges it poses for security researchers. The authors, Filedescriptor, Ron Chan, and Edoverflow, likely provide insights into the implications of this attribute for bug bounty programs and the strategies that hunters may need to adapt to navigate these changes effectively.
82 | 2020-01-31 22:35:15 UTC | Cross-Site Script Inclusion - A Fameless but Widespread Web Vulnerability C | Cross-Site Script Inclusion (XSSI) vulnerabilities are widespread but often overlooked as they are not included in the OWASP Top 10 list. The key factors in identifying vulnerabilities are awareness and ease of discovery. XSSI poses a risk due to its prevalence and potential impact on web security.
83 | 2020-01-30 20:03:55 UTC | https://sametsahin.net/posts/steal-csrf-tokens-with-simple-xss/ | The content discusses how Cross-Site Scripting (XSS) attacks can be used to steal Cross-Site Request Forgery (CSRF) tokens. By injecting malicious scripts into a vulnerable website, attackers can trick users into unknowingly sending their CSRF tokens to the attacker's server. This can compromise the security of the website and allow attackers to perform unauthorized actions on behalf of the user. The article likely provides insights into how this attack can be executed and the potential risks associated with it.
84 | 2020-01-12 12:59:31 UTC | Testing for XSS (Like a KNOXSS) - Brute XSS | The content discusses a step-by-step procedure for testing XSS vulnerabilities similar to KNOXSS. It aims to identify various XSS cases effectively by following the approach used by KNOXSS.
85 | 2019-12-02 12:36:37 UTC | CORS Enabled XSS - Brute XSS | Misconfigured CORS headers can lead to Cross-Site Scripting (XSS) attacks. Exploiting this in a one-page website with heavy JavaScript use can be beneficial. By manipulating CORS settings, attackers can trigger JavaScript in a target site, enhancing existing XSS scenarios. This technique leverages AJAX requests to load content seamlessly.
86 | 2019-11-18 15:17:36 UTC | XSS in GMail's AMP4Email via DOM Clobbering - research.securitum.com | The content discusses a previously fixed XSS vulnerability in GMail's AMP4Email reported through Google's Vulnerability Reward Program in August 2019. The XSS exploit utilized a browser issue known as DOM Clobbering. The post serves as a write-up detailing the real-world exploitation of this vulnerability.
87 | 2019-10-07 15:16:18 UTC | What is cross-site scripting (XSS) and how to prevent it? | The content discusses cross-site scripting (XSS), explaining its definition, various vulnerabilities, and prevention methods. It aims to educate readers on understanding XSS, its risks, and steps to prevent it.
88 | 2019-09-15 04:08:04 UTC | Cross-site scripting - Wikipedia | The content provided is a title mentioning "Cross-site scripting" on Wikipedia. This likely refers to a type of security vulnerability where attackers inject malicious scripts into web pages viewed by other users. Cross-site scripting can lead to various attacks, such as stealing sensitive information or session hijacking. It is a common issue in web applications that developers need to be aware of and protect against. For more detailed information, it is recommended to visit the Wikipedia page on Cross-site scripting.
89 | 2019-09-11 20:05:41 UTC | XSS Hunter | The content provided is simply the title "XSS Hunter." It appears to be a reference to a tool or concept related to Cross-Site Scripting (XSS) security testing. XSS Hunter is likely a tool used for detecting and testing XSS vulnerabilities in web applications. The tool may help security professionals identify and mitigate potential security risks related to XSS attacks.
90 | 2019-09-11 20:03:19 UTC | The misunderstood X-XSS-Protection | The content appears to be about the X-XSS-Protection header, a security measure designed to prevent cross-site scripting attacks. It seems to suggest that this security feature may be misunderstood or underutilized. The header helps protect websites by blocking malicious scripts from being executed in the user's browser. It is important for web developers to properly configure and implement this security measure to enhance the security of their websites and protect users from potential vulnerabilities.
91 | 2019-09-06 02:25:34 UTC | https://ryanwise.me/intigriti-xss-challenge/ | The content is likely about an XSS challenge hosted on the website https://ryanwise.me/intigriti-xss-challenge/. It may involve participants attempting to identify and exploit cross-site scripting vulnerabilities on the site to demonstrate their skills in web security. The challenge could be a learning opportunity for participants to practice identifying and mitigating XSS vulnerabilities, which are common in web applications. Participants may be encouraged to think creatively and test their knowledge of web security concepts through this challenge.
92 | 2019-08-30 02:21:08 UTC | File Upload XSS - Brute XSS | The content discusses exploiting file uploads to execute cross-site scripting (XSS) attacks, especially in user-restricted areas with profile picture uploads. It highlights the potential for finding developer errors and mentions self XSS as a vulnerability. The post emphasizes the various entry points for launching an attack through file upload XSS.
93 | 2019-08-28 02:35:26 UTC | GitHub - hakluke/weaponised-XSS-payloads: XSS payloads designed to turn alert(1) into P1 | The content is about XSS payloads created to elevate the severity of a common alert message to a higher level, labeled as P1. These payloads can be accessed and contributed to on GitHub by creating an account.
94 | 2019-08-16 15:30:59 UTC | Making XSS a bit more discoverable with KNOXSS - INFOSEC DIARIES – AN INTRO | The content introduces KNOXSS, a tool designed to enhance the discovery of Cross-Site Scripting (XSS) vulnerabilities. It aims to make XSS vulnerabilities more detectable and manageable for security professionals. The tool is discussed within the context of InfoSec Diaries, providing an introductory overview of its capabilities and usage in the field of information security.
95 | 2019-08-10 13:12:42 UTC | https://sylarsec.com/2018/12/09/show-me-thy-xss-abilities-polyglot/ | The content discusses the concept of Cross-Site Scripting (XSS) attacks and explores the use of polyglot payloads to bypass security measures. It highlights the importance of understanding XSS vulnerabilities and demonstrates how polyglot payloads can be used to execute malicious code across different contexts. The article provides insights into the technical aspects of XSS attacks and offers examples of polyglot payloads that can be used to exploit vulnerabilities in web applications. Overall, it serves as a resource for security professionals to enhance their knowledge and defenses against XSS attacks.
96 | 2019-07-31 11:43:21 UTC | Cross Site Scripting (XSS) - Payload Generator | Nettitude Labs | Learn how to bypass challenging cross-site scripting (XSS) limitations using a new tool available in the XSS Payloads repository.
97 | 2019-07-25 04:44:19 UTC | https://ardern.io/2019/06/20/payload-bxss/ |
98 | 2019-05-19 09:08:09 UTC | XSSed my way to 1000$ | I'm Gaurav Narwani | The content seems to suggest that the author, Gaurav Narwani, has successfully exploited a cross-site scripting (XSS) vulnerability to earn $1000. This implies that Gaurav was able to identify and exploit a security flaw in a web application that allowed them to execute malicious scripts, potentially leading to unauthorized access or data theft. This highlights the importance of web security and the potential risks associated with XSS vulnerabilities.
99 | 2019-01-15 17:20:33 UTC | Excess XSS: A comprehensive tutorial on cross-site scripting | The content provides an in-depth tutorial on cross-site scripting (XSS), a common web security vulnerability. It likely covers topics such as the types of XSS attacks, how they occur, and methods to prevent them. XSS can allow attackers to inject malicious scripts into web pages, potentially compromising user data and security. Understanding XSS is crucial for developers to protect websites and web applications from such attacks.
100 | 2018-12-31 12:33:23 UTC | foospidy/payloads: Git All the Payloads! A collection of web attack payload | The content is about a GitHub repository called "foospidy/payloads" that contains a collection of web attack payloads. It is a resource for various types of web attacks and their payloads. The repository is focused on providing a comprehensive collection of payloads for security testing and research purposes.
101 | 2018-09-15 19:31:32 UTC | Into the Borg – SSRF inside Google production network | OpnSec | The content discusses a security researcher's findings of a Cross-Site Scripting (XSS) vulnerability in Google Caja, a tool for embedding code securely. The researcher reported the XSS in March 2018, and it was fixed by Google in May 2018. The article likely delves into the details of the vulnerability, its impact, and the process of reporting and fixing it within Google's production network.
102 | 2018-08-14 18:20:31 UTC | DOM-based XSS - The 3 Sinks - Brute XSS | The content discusses DOM-based XSS, a type of Cross-Site Scripting where malicious input is not from the server but executed on the client-side. Unlike source-based XSS, DOM-based XSS does not rely on server-side injection. The article delves into the concept of "The 3 Sinks" in this context.
103 | 2018-08-14 16:19:22 UTC | Unleashing an Ultimate XSS Polyglot · 0xSobky/HackVault Wiki | The content is about a container repository called HackVault, created by 0xSobky for public web hacks. It invites contributions from users by allowing them to create an account on GitHub. The repository likely contains various hacks related to web security or other related topics.
104 | 2018-08-13 18:43:50 UTC | PayloadsAllTheThings/BRUTELOGIC-XSS-STRINGS.txt at master · swisskyrepo/Pay | The content refers to a file named BRUTELOGIC-XSS-STRINGS.txt in the PayloadsAllTheThings repository on GitHub, maintained by the user swisskyrepo. This file likely contains a collection of XSS payloads or strings used for testing and identifying cross-site scripting vulnerabilities. It is part of a larger repository dedicated to various payloads and tools for security testing and research.
105 | 2018-08-13 18:42:22 UTC | XSS Payloads | The content provided is concise and simply states "XSS Payloads." This likely refers to a topic related to Cross-Site Scripting (XSS) attacks, where malicious code is injected into a website to exploit vulnerabilities. XSS payloads are the specific scripts or code used in these attacks. The summary suggests a focus on understanding and potentially mitigating XSS vulnerabilities by studying and being aware of common XSS payloads.
106 | 2018-07-30 21:02:04 UTC | The Real Impact of Cross-Site Scripting | Dionach | Cross-site scripting (XSS) is a common and high-risk web application vulnerability often overlooked by developers and defenders. Dionach highlights instances where reporting XSS as critical is not always taken seriously by clients. XSS remains prevalent and poses significant risks to web security. Developers and organizations should prioritize addressing XSS vulnerabilities to enhance their web application security.
107 | 2018-07-30 17:11:03 UTC | Cross site scripting XSS | Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages viewed by other users. This can lead to theft of sensitive data, session hijacking, or defacement of websites. XSS attacks can be stored, reflected, or DOM-based. Prevention methods include input validation, output encoding, and implementing Content Security Policy (CSP). Regular security audits and staying updated on security best practices are crucial to protect against XSS attacks.
108 | 2018-07-30 17:10:56 UTC | Cross Site Scripting ( XSS) | The content is an introduction to Cross Site Scripting (XSS), a type of security vulnerability commonly found in web applications. XSS occurs when attackers inject malicious scripts into web pages viewed by other users. These scripts can steal sensitive information, manipulate content, or redirect users to malicious sites. Preventing XSS involves validating and sanitizing user input, encoding output, and implementing security measures like Content Security Policy (CSP). Understanding XSS is crucial for developers to protect websites and users from potential attacks.
109 | 2018-07-22 15:55:00 UTC | Google Assistant Bug Worth $3133.7 ! | The content does not provide any information about a Google Assistant bug worth $3133.7. It simply starts with a greeting to hackers.
110 | 2018-07-19 14:12:15 UTC | Hands On training | Google XSS Game | The content is about a hands-on training opportunity provided by Google through their XSS Game. This training likely involves practical exercises related to cross-site scripting (XSS) vulnerabilities. Participants can engage in interactive challenges to enhance their skills and understanding of web security. The XSS Game is a platform where individuals can test their knowledge and learn about identifying and mitigating XSS vulnerabilities. It offers a practical way to improve cybersecurity skills through hands-on experience.
111 | 2018-07-15 17:44:46 UTC | [HTML] 666 lines of XSS vectors, suitable for attacking an API - Pastebin.c | The content briefly mentions Pastebin.com as a popular tool for storing text online for a limited time. It does not provide any specific details about the content of the stored text, such as the mentioned 666 lines of XSS vectors suitable for attacking an API. The focus is on the general functionality and purpose of Pastebin.com as a text storage platform.
112 | 2018-07-03 21:05:45 UTC | Reflected Client XSS at Amazon.com | A bug at Amazon.com enables the theft of cookies from all Amazon domains, potentially redirecting visitors to a phishing login page. This reflected client XSS vulnerability poses a serious security risk by allowing unauthorized access to user data.
113 | 2018-06-27 20:35:39 UTC | Reflected XSS on Stack Overflow | The content discusses a Reflected XSS vulnerability discovered on Stack Overflow by @newp_th. This type of vulnerability occurs when user input is not properly sanitized and allows malicious scripts to be executed in a victim's browser. It is important for websites to implement proper input validation and output encoding to prevent such attacks.
114 | 2018-06-26 14:59:28 UTC | How to identify whether XSS is reflected or DOM based? | The content provided is a title mentioning how to distinguish between reflected XSS and DOM-based XSS. It appears to be a Reddit post with 5 votes and 4 comments, but the actual details or methods for identifying the two types of XSS attacks are not included in the summary.
115 | 2018-06-26 14:59:22 UTC | DOM XSS Intro | The post titled "DOM XSS Intro" on Reddit has received 7 votes and 1 comment. It likely introduces readers to the concept of DOM-based Cross-Site Scripting (XSS), a type of security vulnerability. The post may provide information or discussion on how this vulnerability can be exploited in web applications.
116 | 2018-06-26 14:59:14 UTC | Reflected XSS via AngularJS Template Injection | Hostinger | The content is about a potential security vulnerability called Reflected XSS via AngularJS Template Injection. It seems to be a post on Reddit with 5 votes and 2 comments. The main focus is likely on discussing the risks and implications of this type of security issue within AngularJS applications.
117 | 2018-06-26 14:59:08 UTC | How I Found Stored XSS in Yahoo! | The content titled "How I Found Stored XSS in Yahoo!" has garnered 17 votes and 4 comments on Reddit.
118 | 2018-06-26 14:59:02 UTC | What is XSS? Cross-site Scripting Explained | The content is a Reddit post titled "What is XSS? Cross-site Scripting Explained" with 5 votes and 0 comments. It likely discusses the concept of Cross-site Scripting (XSS), a type of security vulnerability where attackers inject malicious scripts into web pages viewed by other users. The post may explain how XSS works, its impact on web security, and ways to prevent it.
119 | 2018-06-26 04:39:07 UTC | Self-XSS + CSRF to Stored XSS | Renwa from Kurdistan is excited to share their first write-up on infosec and Bugbounties.
120 | 2018-06-26 04:38:40 UTC | The story behined the Strong XSS filter bypass! | The content provided is a title mentioning a strong XSS filter bypass. However, the content is incomplete as it only includes a greeting "Hi All" without any further information or details about the bypass.
121 | 2018-06-26 04:01:52 UTC | Demonstrating Reflected versus DOM Based XSS | The content discusses a demonstration highlighting the differences between Reflected and DOM Based Cross-Site Scripting (XSS) vulnerabilities. It mentions that due to changes in the Heroku Juice Shop app, the script payload used in the demo no longer works, but other XSS payloads are still effective. The demonstration likely aimed to showcase the impact of XSS vulnerabilities and how they can be exploited in web applications.
122 | 2018-06-15 19:26:38 UTC | How i converted SSRF TO XSS in jira. | The content discusses the author's interest in Bug Bounty programs, particularly focusing on finding security vulnerabilities like Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) in Jira. The author highlights their dedication to discovering new and intriguing vulnerabilities, continuously improving their reconnaissance skills. The main focus is on converting an SSRF vulnerability into an XSS vulnerability within the Jira platform.
123 | 2018-06-14 03:55:15 UTC | Respect XSS | The content simply states "Respect XSS." This likely refers to Cross-Site Scripting (XSS), a type of security vulnerability in web applications. The message emphasizes the importance of acknowledging and addressing XSS vulnerabilities with respect and seriousness. It serves as a reminder to prioritize the security of web applications and handle XSS issues appropriately.
124 | 2018-06-13 14:43:00 UTC | How I found a stored XSS on thousands of webshops | The content discusses the discovery of a stored XSS vulnerability affecting thousands of webshops, which remains unresolved.
125 | 2018-06-13 13:11:04 UTC | Compromising CMSes with XSS - Brute XSS | The content discusses how Content Management Systems (CMSes) are vulnerable to XSS attacks due to their module installation features and the ability to track requests made by administrators. This vulnerability makes it easy to launch CSRF attacks against administrators by manipulating anti-CSRF tokens. The article highlights the risk of compromising CMSes using XSS techniques.
126 | 2018-06-08 22:53:05 UTC | XSS using meta Tags | The content mentions an invitation to join a social platform that allows users to earn money by engaging with posts.
127 | 2018-06-08 22:52:20 UTC | DEV XSS Protection bypass made my quickest bounty ever!! | Yeasir Arafat shares about a successful XSS attack that led to his quickest bounty ever. He highlights the importance of sharing knowledge and experiences in the cybersecurity community.
128 | 2018-06-07 16:18:13 UTC | Paulos Yibelo - Blog: THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS | The content is minimal and lacks information. It mentions Paulos Yibelo's blog post titled "THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS" but only includes the meta description tag commonly used in websites to provide a brief summary of the page's content. The content is incomplete and does not provide any details about the blog post's actual content or the topic of XSS (Cross-Site Scripting) and maintaining access.
129 | 2018-06-07 01:40:28 UTC | XSS Challenge I - Brute XSS | An XSS challenge was introduced to trigger an alert(1) box in Google Chrome version 53. The code was minified, offering opportunities for input injections. A Content Security Policy (CSP) header restricted certain actions. Participants aimed to overcome these obstacles to complete the challenge successfully.
130 | 2018-06-06 04:18:34 UTC | UltimateHackers/XSStrike: XSS Scanner equipped with powerful fuzzing engine | XSStrike is an advanced XSS scanner with a powerful fuzzing engine. It is available for contribution on GitHub under the username s0md3v.
131 | 2018-06-06 02:12:22 UTC | Calling Remote Script With Event Handlers - Brute XSS | The content discusses a technique called "Calling Remote Script With Event Handlers" to execute a brute XSS attack. Once an alert box is triggered, the attacker aims to call an external script to manipulate the victim. In cases where traditional XSS methods are ineffective, the attacker must construct a request to load remote code. This approach allows the attacker to execute malicious actions on the victim's system.
132 | 2018-06-06 02:08:44 UTC | The 7 Main XSS Cases Everyone Should Know - Brute XSS | The content discusses the 7 main XSS cases essential for understanding and demonstrating XSS vulnerabilities effectively. These cases are crucial for proof of concept in identifying XSS flaws. The content implies that knowing these cases can help individuals identify and address a wide range of XSS vulnerabilities.
133 | 2018-06-05 03:11:37 UTC | Blind XSS for beginners | The content discusses Blind XSS for beginners, addressing common questions like tool recommendations, registering in XSShunter, and techniques for exploitation. It highlights the interest in Blind XSS and the need for guidance on tools and procedures.
134 | 2018-06-04 02:32:28 UTC | XSS and RCE - Brute XSS | RCE (Remote Code Execution) is a severe vulnerability sought after by attackers to compromise systems. XSS, often underestimated, can be a stepping stone towards achieving RCE. Both vulnerabilities can lead to server, client, and network compromise. Understanding the relationship between XSS and RCE is crucial for effective security measures.
135 | 2018-05-28 13:32:56 UTC | Blind XSS for beginners | The content discusses Blind XSS for beginners, addressing common questions about tools, registration on XSShunter, and techniques like payload spraying. It highlights the interest and inquiries received via Twitter on these topics.
136 | 2018-05-26 02:40:52 UTC | https://medium.com/bugbountywriteup/file-upload-xss-patched-83ea55bb9a55?source=userActivityShare-90814179aa21-1527302452 | The content discusses a bug bounty write-up detailing a file upload XSS vulnerability that was successfully patched. The author describes the discovery of the vulnerability, the impact it could have had, and the steps taken to responsibly disclose it to the affected party. The post highlights the importance of thorough security testing and responsible disclosure in the bug bounty community.
137 | 2018-05-19 17:37:43 UTC | 900$ XSS in yahoo ( Recon Wins ) | The content provided is too brief to summarize as it only includes a greeting without any additional information or context.
138 | 2018-05-17 19:02:41 UTC | 7500$ worth DOM XSS in Facebook Mobile Site – Johns Simon – Medium | The content discusses a security researcher discovering a DOM-based Cross-Site Scripting (XSS) vulnerability worth $7500 in Facebook's mobile site while targeting Adobe's website for vulnerabilities. The researcher found that Adobe was using Facebook and Gmail logins for sign-ins, leading to the discovery of the XSS flaw. This vulnerability could potentially allow attackers to execute malicious scripts on the site.
139 | 2018-05-07 15:53:37 UTC | XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP | The content is about the XSS (Cross Site Scripting) Prevention Cheat Sheet provided by OWASP. It is a resource that contains guidelines and best practices to prevent XSS attacks on websites. The cheat sheet is part of a larger project that offers various resources for web security. It serves as a comprehensive reference for developers to protect their websites from malicious scripts. The content emphasizes the importance of implementing security measures to safeguard against XSS vulnerabilities.
140 | 2018-04-30 22:25:03 UTC | Steal CSRF/Auth/Unique key Header with XSS | The content is about stealing CSRF, authentication, or unique key headers using Cross-Site Scripting (XSS) attacks. It suggests a method to exploit vulnerabilities in web applications by injecting malicious scripts to intercept sensitive information. This technique allows attackers to bypass security measures and gain unauthorized access to user data or perform malicious actions. It highlights the importance of protecting against XSS attacks to safeguard sensitive information and prevent unauthorized access to web applications.
141 | 2017-12-12 04:29:43 UTC | How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords « Null | The content discusses creating an XSS cookie stealer in JavaScript to steal passwords, highlighting JavaScript's versatility on the web. It mentions how JavaScript can automate website components, manage content, and perform various functions within a webpage. The article likely provides insights into the technical aspects of implementing such a script, emphasizing the importance of understanding and preventing cross-site scripting vulnerabilities.
142 | 2017-12-02 16:12:26 UTC | Sniping Insecure Cookies with XSS | The content discusses exploiting XSS vulnerabilities to compromise web applications by targeting insecure session tokens. It provides a detailed analysis of a real-life web application, demonstrating how a single XSS vulnerability can lead to the complete compromise of the system, including taking over the administrator's account. The post highlights the importance of proper session token implementation to prevent such attacks and emphasizes the need for secure coding practices to protect against XSS exploits.
143 | 2017-12-02 03:57:49 UTC | bypassing htmlentities() - Paulos Yibelo - Blog | The content provided is a title mentioning bypassing htmlentities() by Paulos Yibelo on a blog. The title suggests that the blog post likely discusses a method or technique related to bypassing the htmlentities() function. It hints at a potential security or coding topic where the author may be sharing insights on how to circumvent or work around the htmlentities() function in web development or programming.
1442017-11-30 13:05:06 UTCTaking note: XSS to RCE in the Simplenote Electron clientThe content discusses a security vulnerability in the Simplenote Electron client that allows attackers to exploit a cross-site scripting (XSS) vulnerability to achieve remote code execution (RCE). This vulnerability poses a significant risk to users of the Simplenote Electron client, potentially allowing malicious actors to execute arbitrary code on affected systems. It highlights the importance of promptly addressing such vulnerabilities to prevent exploitation and protect user data and system integrity.
1452017-06-23 02:08:17 UTCRails Quiz: XSS Edition – Runtime RevolutionThe content invites readers to participate in a Rails Quiz focusing on XSS protection in Rails applications. It challenges readers to test their knowledge on safeguarding Rails apps from XSS attacks.
1462017-06-20 17:15:49 UTCXSSer automated framework to detect, exploit and report XSS vulnerabilitiesXSSer is an automated framework designed to identify, exploit, and report XSS vulnerabilities. It includes tools like XSS Scanner and Vulnerability Scanner to detect and exploit XSS flaws. The framework also supports Hash Injection techniques.
1472017-04-08 03:08:13 UTCXSSight - Automated XSS Scanner And Payload Injector - GBHackers On SecuritXSSight is an automated tool that functions as both an XSS scanner and payload injector. It helps detect and exploit cross-site scripting vulnerabilities through payload injection. The tool is designed for vulnerability scanning and identifying XSS issues on websites.
1482017-03-31 15:40:04 UTCHTML5 Security CheatsheetThe content provided is a title mentioning an "HTML5 Security Cheatsheet." It suggests that there may be a resource or guide available that focuses on security considerations specific to HTML5. The title implies that the cheatsheet may contain essential information, tips, or best practices related to securing HTML5 applications or websites.
1492017-03-07 19:53:05 UTCHow I Stole Plunker Session Tokens With Angular ExpressionsThe content discusses how the author discovered and exploited an Angular Expression Injection vulnerability on Plunker to steal session tokens. This write-up details the process of identifying the vulnerability and using it to access session tokens. It highlights the importance of being aware of such vulnerabilities and the potential risks they pose to user data security.
1502017-03-07 19:52:26 UTCXSS without HTML: Client-Side Template Injection with AngularJS : netsecThe Reddit post titled "XSS without HTML: Client-Side Template Injection with AngularJS" in the netsec subreddit has garnered 177 votes and 10 comments. The post likely discusses a security vulnerability related to AngularJS that allows for client-side template injection without the use of HTML, potentially leading to cross-site scripting (XSS) attacks. The content appears to be focused on raising awareness about this security issue within the AngularJS framework.
1512017-03-07 19:35:52 UTCAngular Template Injection PayloadsThe content is about Angular Template Injection Payloads on GitHub. It likely contains information, code snippets, or examples related to exploiting template injection vulnerabilities in Angular applications. This content may provide insights into potential security risks and ways to prevent or address template injection issues within Angular projects.
1522017-03-07 19:33:47 UTCPortSwigger Web Security Blog: Adapting AngularJS Payloads to Exploit RealThe PortSwigger Web Security Blog discusses the challenges of exploiting AngularJS Template Injection in XSS attacks. Experienced pentesters face obstacles like filtering, encoding, browser quirks, and WAFs. Adapting AngularJS payloads to bypass these defenses is crucial for successful exploitation.
1532017-03-07 19:29:28 UTCPortSwigger Web Security Blog: XSS without HTML: Client-Side Template InjecThe PortSwigger Web Security Blog discusses how the widespread use of AngularJS can lead to Angular Template Injection vulnerabilities on websites. This issue is a less recognized form of server-side template injection. The blog highlights the risks associated with naive implementation of AngularJS, emphasizing the importance of understanding and mitigating such vulnerabilities to protect websites from exploitation.
1542017-03-07 19:22:33 UTCng-owasp: OWASP Top 10 for AngularJS ApplicationsThe content discusses the OWASP Top 10, a list of critical web application security risks, and how they apply to AngularJS applications. It explores security vulnerabilities specific to AngularJS, aiming to address and mitigate these risks. The focus is on understanding and implementing security measures to protect AngularJS applications from potential threats outlined in the OWASP Top 10 list.
1552017-02-01 21:28:28 UTCAccurate XSS Detection with BurpSuite and PhantomJS - nVisium BlogThe article discusses the importance of accurate XSS detection using BurpSuite and PhantomJS. It highlights how XSS attacks happen due to improper encoding of application output, enabling malicious users to inject and execute JavaScript code within the target application. By leveraging tools like BurpSuite and PhantomJS, security professionals can enhance their ability to detect and prevent XSS vulnerabilities effectively.
1562016-05-19 15:12:25 UTCWhat is Cross-site Scripting and How Can You Fix it?The article explains Cross-site Scripting attacks and offers a solution using Acunetix WVS to safeguard websites. It educates on the vulnerability's workings and the importance of protection.
157 | 2016-02-10 18:56:09 UTC | Preventing XSS Attacks in ASP.NET MVC using ValidateInput and AllowHTML - C | The blog discusses preventing XSS (Cross Site Scripting) attacks in ASP.NET MVC by utilizing the ValidateInput and AllowHTML features. It aims to provide insights on how to enhance security measures to mitigate XSS vulnerabilities in ASP.NET MVC applications.