appsec.fyi

A somewhat curated list of links to various topics in application security.

Cross-Site Scripting (XSS)

LinkExcerptWord Count
How I Found Multiple XSS Vulnerabilities Using Unknown TechniquesHello, everyone. I hope you are well. Today I’m going to talk about Multiple XSS Attacks Using Different Techniques, which I discovered while working in various bug bounty programs.2720
Mass Hunting Blind XSS Using XSSHunter Express Part 1The Blind Cross-Site Scripting is a pretty serious client-side vulnerability with serious consequences. This type of vulnerability enables attackers to insert harmful scripts capable of stealing sensitive data, taking over user sessions, defacing websites, or initiating more complex attacks.1233
Hunting Blind XSS on the Large Scale — Practical TechniquesIn this article, I will reveal the techniques for detecting Blind Cross-Site Scripting at scale. We will dive into the Blind XSS payloads used to bypass WAF, open-source tools from GitHub, and methodology.2529
XSSRF : The Matrimony of XSS and SSRF.Hey folks, Nauman Khan back in action! 🚀 Today, we’re diving into the depth of XSSRF — where Server-Side Request Forgery (SSRF) meets Cross-Site Scripting (XSS). Lets Learn How I was able to turn an Informative(P5) SSRF to an High(P2) Severity Vulnerability And Got $$$ for it.407
A Bunch of Web and XSS ChallengesDue to being busy lately, I haven’t been participating in CTFs as much in the past two or three months. However, I still come across some interesting challenges on Twitter.1877
Weaponised XSS PayloadsXSS payloads designed to turn alert(1) into P1. In this repository you will find a bunch of JavaScript files which can be loaded into an XSS payload in order to perform sensitive functions on popular CMS platforms in the context of the victim's browser.307
JS-Tap: Weaponizing JavaScript for Red TeamsHow do you use malicious JavaScript to attack an application you know nothing about? Application penetration testers often create custom weaponized JavaScript payloads to demonstrate potential impact to clients.2719
Web Security AcademyAs you have injected a backslash and the site isn't escaping them, when the JSON response attempts to escape the opening double-quotes character, it adds a second backslash. The resulting double-backslash causes the escaping to be effectively canceled out.127
NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web ApplicationsNucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities.227
Gxss v3.0A Light Weight Tool for checking reflecting Parameters in a URL. Inspired by kxss by @tomnomnom.374
Awesome Bug Bounty ToolsAwesome Bug Bounty Tools A curated list of various bug bounty tools Contents Recon Subdomain Enumeration Port Scanning Screenshots Technologies Content Discovery Links Parameters Fuzzing Exploitation Command Injection CORS Misconfiguration CRLF Injection CSRF Injection Directory Traversal File Inc3853
Training XSS MusclesXSS is all about practice. It requires a lot of time to print in the mind all vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box.448
DOM-based XSS – The 3 SinksThe most common type of XSS (Cross-Site Scripting) is source-based. It means that injected JavaScript code comes from server side to execute in client side.1099
devanshbatham/Vulnerabilities-UnmaskedThis repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! Imagine you have a toy box where you and your friends can put your favorite toys in and take them out whenever you want. Each of you can only take out your own toys.3169
Mastering XSS: A Comprehensive Guide for Bug Bounty HuntersCross-site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code, usually in the form of scripts, into web applications. This can lead to a wide range of harmful consequences, such as stealing sensitive data, defacing websites, or spreading malware.2333
Sponsor payloadbox/xss-payload-listCross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.25210
Bypassing Character Limit - XSS Using Spanned PayloadHello, I am Syed Mushfik Hasan Tahsin aka SMHTahsin33, an 18 Y/O Cyber Security Enthusiast from Bangladesh. I am into Infosec due to curiosity and I do bug bounties in free time. Working in this sector for about 3+ Years now.649
XSS-PayloadsList of XSS Vectors/Payloads i have been collecting since 2015 from different resources like websites,tweets,books.. You can use them to bypass WAF and find XSS vulnerabilities, i will try to update the list as possible.141
Top 25 Vulnerability Parameters based on frequencyFor basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon.138
Web Security AcademyThis cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector. You can download a PDF version of the XSS cheat sheet.1976
Tiny-XSS-PayloadsTiny-XSS-Payloads A collection of short XSS payloads that can be used in different contexts. The DEMO available here: https://tinyxss.terjanq.288
Top 25 XSS Bug Bounty ReportsIn this article, we will discuss Cross-Site Scripting (XSS) vulnerability, how to find one and present 25 disclosed reports based on this issue.934
Burp Suite For Pentester: HackBarIsn’t it a bit time consuming and a boring task to insert a new payload manually every time for a specific vulnerability and check for its response?2021
MindMaps 🗺️This repository stores and houses various Mindmaps for bug bounty Hunters🧑‍🦰, pentesters🧑‍🦰 and offensive(🔴)/defensive(🔵) security Professionals🫂 provided by me as well as contributed by the community🧑🏻‍🤝‍🧑🏽.472
The XSS hunter's secret weaponFind, report and stay up-to-date on XSS vulnerabilities with BXSSHUNTER, the ultimate tool for professionals. Discover cross-site scripting (XSS) vulnerabilities using BXSSHUNTER.166
Sponsor ssl/ezXSSFor a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.209
yeswehack/vulnerable-code-snippetsYesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!323
Get bounties with Blind XSS0
Bug Bounty Reflected XSS Exploitation Tips for beginnersJust some basic context I think beginners should know when they find XSS that they might not know is. If you find XSS and the http cookie flag is not checked for the cookie that is responsible for authentication. You can raise your XSS from a medium to a high based on that.1227
👩‍💻IW Weekly #39 : $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more…Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us.657
Exploit NotesSticky notes for pentesting. Search hacking techniques and tools for penetration testings, bug bounty, CTF.39
👩‍💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…This simple business logic flaw in smart contracts resulted in a $600K bounty. Welcome to the #IWWeekly26 — the Monday newsletter that brings the best in Infosec straight to your inbox.653
Our favourite community contributions to the XSS cheat sheetSince we launched the ever popular XSS cheat sheet, we've had some fantastic contributions from the XSS community. In this post, we thought we'd take the opportunity to highlight the seven best commun0
Reflected XSS DVWA — An Exploit With Real World Consequences — StackZeroReading tons of pages of Reflected XSS and how it works, could not be enough to understand deeply, so DVWA comes again to our aid.The best way to make the concept our own is, as usual, the practical one.1196
An unusual way to find XSS injection in one minuteHi there! I think that many developers have heard that you can’t trust any user input, and indeed it is. However, there are some places that are often overlooked, which lead to vulnerabilities. And one of those places is ……. registration 🤔.383
Sponsor payloadbox/xss-payload-listCross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.25210
10 Types of Web Vulnerabilities that are Often MissedDetectify Crowdsource is not your average bug bounty platform. It’s an invite-only community for ethical hackers passionate about securing modern technologies and end users.3850
XSS Hunter ExpressThe fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities. To set up XSS Hunter Express, modify the docker-compose.yaml file with your appropriate settings/passwords/etc.1015
Digging Deep Into Dom XSSOkay let’s tackle this beast, as i am writing this, i’m trying to prepare you for what’s coming because this will not be easy at all. Burp suite pro makes it somewhat easier but even then, you still need to be able to interpret the scan results and exploit the vulnerability.1143
The Ultimate Guide to Finding and Escalating XSS BugsWhat is XSS? Cross-Site Scripting (XSS) is the most common vulnerability discovered on web applications. It occurs when an attacker is able to execute client-side JavaScript in another user’s browser.  XSS is a very interesting and dynamic bug class for a number of reasons.3491
QuickXSSBash Script to Automate XSS using Waybackurls, GF, GF Patterns and Dalfox. Install Go in your Machine and then install required Tools.263
Top 25 Vulnerability Parameters based on frequencyFor basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon.138
Electron JS Browser To Find XSS Vulnerabilities AutomaticallyInstall Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm) Download this repo files or (git clone https://github.233
Stored XSS in icloud.comHello Guys hope you all are doing well, fine and healthy during this hard time. Hello, I am Vishal Bharad, from India and working as Penetration Tester, Now today I am going to share how I found Stored Cross-Site Scripting (XSS) in icloud.com.409
How JavaScript works: 5 types of XSS attacks + tips on preventing themThis is post # 21 of the series, dedicated to exploring JavaScript and its building components.2204
Stealing User Information Via XSS Via Parameter PollutionSo, I was wandering and suddenly this tweet popped up in my news feed. Then, I decided to give myself a new start as it’s 2021 🎉. I logged in to my bugcrowd account and picked a suitable target (on which I’ve found bugs in the past) according to my skills.791
$20000 Facebook DOM XSSThe window.postMessage() method safely enables cross-origin communication between Window objects; e.g., between a page and a pop-up that it spawned, or between a page and an iframe embedded within it. — Mozilla postMessage Documentation913
Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration TestingXSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable. Here we are going to see about most important XSS Cheat Sheet. What is XSS(Cross Site Scripting)? An attacker can inject untrusted snippets of JavaScript into your application without validation.4883
Documenting the impossible: Unexploitable XSS labsGareth Heyes Researcher @garethheyes Have you ever found some risky behavior, but couldn't quite prove it was exploitable? Our XSS cheat sheet contains virtually every exploit technique we know of, but what should you do if you can't find a technique for your scenario? Did we just forget to mention732
Uber Bug Bounty: Turning Self-XSS into Good-XSSNow that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I’ve been itching to do over the past year. This is part one of maybe two or three posts.1351
XSS Cheat SheetThis 32-page booklet includes 100+ Cross-Site Scripting payloads and techniques with clear directions in several possible scenarios to help you with modern XSS. Sample here. 1. Basics 2. Advanced 3. Bypass 4. Exploiting 5. Extra 6. Brutal43
Open-redirect to Account Takeover.Hi everyone this is my first writeup about my first bug and I want to share how I escalated open redirect to Account Takeover. Let’s go This was the URL which redirects to the given page after login but the issue was that if I pass https://google.com to next parameter it will redirect to google.377
Samesite by Default and What It Means for Bug Bounty HuntersYou have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020).784
Get Reflected XSS within 3 minutesHi guys. I found xss on 8x8 within 3 minutes and I want to share it step by step. I am writing these write-ups for beginners like me. I think I will learn more as I write and I love it. Descend as deep as you can.146
Cross-Site Script InclusionTwo key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention – the OWASP Top 10.2160
Testing for XSS (Like a KNOXSS)Testing for Cross-Site Scripting (XSS) might seem easy at first sight, with several hacking tools automating this process. But regardless of how tests to find a XSS are performed, automated or manually, here we will see a step-by-step procedure to try to find most of the XSS cases out there.1360
CORS Enabled XSSMisconfigured CORS (Cross Origin Resource Sharing) headers can’t be abused to trigger javascript in a target website. But there’s an interesting and useful way to use it in an existing XSS scenario. One page websites, by their very nature, make heavy use of javascript.222
XSS in GMail’s AMP4Email via DOM ClobberingThis post is a write up of an already-fixed XSS in AMP4Email I reported via Google Vulnerability Reward Program in August 2019. The XSS is an example of a real-world exploitation of well-known browser issue called DOM Clobbering.1596
Cross-site scriptingCross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.5150
XSS HunterBETAIf this is how you hunt for Cross-Site Scripting (XSS)... ...18
Browser's XSS Filter Bypass Cheat SheetBrowser's XSS Filter Bypass Cheat Sheet 目次 XSS Auditor IE/EdgeのXSSフィルター XSS Auditorhttp://www.businessinfo.co.uk/labs/talk/The_Sexy_Assassin.ppt https://masatokinugawa.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html 任意のタグを書けるXSSがある https://bugs.968
The misunderstood X-XSS-ProtectionA few days ago, I made a poll on Twitter to see what people think is the worst setting for the XSS filter/auditor.625
B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRFToolkit to detect and keep track on Blind XSS, XXE & SSRF.90
File Upload XSSA file upload is a great opportunity to XSS an application. User restricted area with an uploaded profile picture is everywhere, providing more chances to find a developer’s mistake. If it happens to be a self XSS, just take a look at the previous post.394
Show me thy XSS abilities, polyglot!So its 0045 EAT and im up reading the OWASP Testing Guide V4. I have always used OWASP as my appsec bible, but i have never gone through this whole book. And boy how much wonder it packs. Anywayyyyyyyy, looking back, i discovered a duplicate vulnerability on an XYZ platform (on hackerone).405
Cross Site Scripting (XSS) Payload GeneratorThis post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I’ve pushed to our XSS Payloads repository.819
Advanced Blind XSS PayloadsWhen auditing applications, sometimes context is lost, and issues are missed. The same will be true when looking for Blind Cross-Site-Scripting (bXSS). Last year I blogged about AngularJS bXSS and how you can leverage AngularJS to execute JavaScript for you in a bXSS context.1167
XSSed my way to 1000$Hello Guys, I recently encountered with an amazing bypass to an endpoint of a program on Synack. Although the bug wasn’t as hard to find, a minimalistic programming knowledge helped me get over 1000$ on this program.598
XSS in hidden input fieldsAt PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a Cross-Site Scripting (XSS) vulnerability in [REDACTED], inside a hidden input element:339
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 1This series of blogposts show how you can identify DOM XSS issues using Sboxr on Single Page or JavaScript rich applications. As examples, we solved the 10 exercises at the DOM XSS playground at https://domgo.at and created simple Proof of Concept exploits for the detected issues.1304
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 3This is Part 3 of a series of blogposts to show how you can identify DOM XSS issues using Sboxr on Single Page or JavaScript rich applications. As examples, we solved the 10 exercises at the DOM XSS playground at https://domgo.at and created simple Proof of Concept exploits for the detected issues.1324
A comprehensive tutorial on cross-site scriptingExcess XSS A comprehensive tutorial on cross-site scripting Created by Jakob Kallin and Irene Lobo Valbuena Part One: Overview What is XSS? Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.5289
payloadsGit All the Payloads! A collection of web attack payloads. Pull requests are welcome! Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.679
Into the Borg – SSRF inside Google production networkIn March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javascript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version of Google Caja, so I looked if it was vulnerable to the XSS.1518
0xsobky/HackVaultWhen it comes to testing for cross-site scripting vulnerabilities (a.k.a. XSS), you’re generally faced with a variety of injection contexts where each of which requires you to alter your injection payload so it suites the specific context at hand.894
swisskyrepo/PayloadsAllTheThingsGitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.25
The Real Impact of Cross-Site ScriptingCross-site scripting (XSS) is probably the most prevalent high risk web application vulnerability nowadays, and yet it is still one of the most overlooked by developers and defenders alike.1588
Cross site scripting XSSUpcoming SlideShare Loading in …5 × Cross site scripting XSS 1. Cross Site Scripting - XSS 2. Overview • One of the most common application-layer web attacks. • Commonly targets scripts embedded in a page which are executed on the client-side rather than on the server-side. 3.610
Cross Site Scripting ( XSS)Upcoming SlideShare Loading in …5 × Cross Site Scripting ( XSS) 2. <ul><li>Cross Site Scripting </li></ul><ul><li>XSS is a vulnerability which when present in websites or web applications, allows malicious users (Hackers) to insert their client side code (normally JavaScript) in those web pages.1831
XSS Cheat SheetXSS Vectors Cheat Sheet onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//  /*! SLEEP(1) /*/ onclick=alert(1)//<button value...0
Google Assistant Bug Worth $3133.7 !Hi hackers! Long time no see.. My college Prof. asked me to conduct some useful workshop for students. After a quick search, I figured out on the workshop as “Making apps using Google Assistant”.230
Hands On training | Google XSS GameIn a previous post, I talked about XSS aka Cross Site Scripting. Hope you all got a basic knowledge now. In this post, I am giving you more information on XSS with a hands on training on the Google XSS Game. You can find a video on how to solve this at the bottom of the page.1339
666 lines of XSS vectors, suitable for attacking an APIa guest 12,381 Never Not a member of Pastebin yet? Sign Up, it unlocks many cool features! <script\x20type="text/javascript">javascript:alert(1);</script><script\x3Etype="text/javascript">javascript:alert(1);</script><script\x0Dtype="text/javascript">javascript:alert(1);</script><script\x09type="tex6046
Reflected Client XSS at Amazon.comAre you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background The last 2 months I’ve been trying to improve my frontend & backend skills by developing https://Scroll.1175
Reflected XSS on Stack OverflowThis is @newp_th. Today I want to share with you a Reflected XSS which I found in Stack Overflow. While i was testing some other domain and doing spider activity in burpsuite, I checked issues tab whether any issues were popped up.206
How to identify whether XSS is reflected or DOM based?You'd have to check the page source and see where the your code is being executed. Compare the code the browser receives from the network with the code the browser displays after running scripts. Reflected XSS should be easy to find, but DOM XSS can be tricky sometimes.321
DOM XSS Intro70
Reflected XSS via AngularJS Template Injection | Hostinger70
How I Found Stored XSS in Yahoo!160
What is XSS? Cross-site Scripting Explained5What is XSS? Cross-site Scripting Explained6
Self-XSS + CSRF to Stored XSSHola, this is Renwa from Kurdistan i’m glad to write my first write-up about infosec and Bugbounties.288
The story behined the Strong XSS filter bypass!Yeasir Arafat again here to share the latest finds Sharing is Caring!! Today's topic is about to bypassing XSS filters on a Domain & hosting company who runs a public bug bounty program.360
Demonstrating Reflected versus DOM Based XSSUpdate April 2021: Some changes to the heroku Juice Shop app have broken this demo.  The script payload no longer works for Juice shop, however there are other XSS payloads that do work, such as payloads that use onerror attribute of img tag.1652
How i converted SSRF TO XSS in jira.Before i start Acunetix does Subdomain scans so just set the time out to 20 and you will get a really big list with banners and response headers. (it does the half of the work for you.) Now, i een through lots of subdomains and i was specifically looking for any jira environment , and i found one.313
Respect XSSReported to Microsoft on secure@microsoft.com: 20th February 2017 Triaged and Case # Assigned email from secure@microsoft.com: 20th February 2017 and Case # was 37482 Case Reproduction Email Confirmation from secure@microsoft.5069
How I found a stored XSS on thousands of webshopsI’d like to share with you the story of how I found a common misconfiguration in IBM’s Websphere Commerce, which can lead to a very interesting stored cross site scripting bug, affecting all users of some high-traffic sites.2086
Compromising CMSes with XSSCMSes (Content Management Systems) are a perfect target for XSS attacks: with their module installation features and the possibility to know all the requests done by a legit administrator of the system previously, it’s pretty easy to mount a CSRF (Cross-Site Request Forgery) attack against him/her787
XSS using meta Tags – Muhammad Ibraheem – MediumSo i was invited by a friend to join a Social Website that helps people to earn money by liking, sharing, updating posts. As a Pentester, i thought let’s try to find some vulnerabilities. I found many vulnerabilities (mentioned in the last of article).228
DEV XSS Protection bypass made my quickest bounty ever!!So, this time I was able to bypass protection also able to manage some bounty with quick time.I have got some cool swag and little bounty to them before reporting this XSS to them :) .I had found HTML injection on their public discussion.At that time I was able to inject malicious script with HTML.338
THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS... And there we have it ladies and gents, while we may not have the cookie, we still can get an almost invisible access to an application we can query full read/write privileges as the user.953
XSS Challenge ISome weeks ago, a XSS challenge was launched: the goal was to pop an alert(1) box in latest Google Chrome at that time (version 53). Code was minified (made by just one continuous line) which always brings interesting possibilities to handle input injections.542
UltimateHackers/XSStrikeXSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts.212
Calling Remote Script With Event HandlersAfter a tester or attacker is able to pop an alert box, the next step is to call an external script to do whatever he/she wants to do with the victim. In scenarios where XSS is not possible with “<script src=//HOST>” or similar, we need to build the request to load our remote code.288
The 7 Main XSS Cases Everyone Should KnowWhen reading material on XSS subject we usually see the classical <script>alert(1)</script> as an demonstration of such vulnerability (PoC – Proof of Concept).727
Blind XSS for beginnersWhat is Blind XSS? It is a type of stored XSS where attackers input is saved by server and is reflected in a totally different application used by system admin/team member.523
XSS and RCERCE (Remote Code Execution) is a critical vulnerability which usually is the final goal of an attack. With code execution, it’s possible to compromise servers, clients and entire networks.578
Blind XSS for beginnersWhat is Blind XSS? It is a type of stored XSS where attackers input is saved by server and is reflected in a totally different application used by system admin/team member.523
File Upload XSSThe web application allows file upload and was able to upload a file containing HTML content. When HTML files are allowed, XSS payload can be injected in the file uploaded but this vulnerability will only work in linux because windows OS doesn’t allow the tags in file name.230
900$ XSS in yahoo ( Recon Wins )For those who expects special bypass or xss related stuff this is not about the xss i found which was easy hit, this is about the recon i did and the help i got from Knoxss to report this vulnerability to yahoo.623
7500$ worth DOM XSS in Facebook Mobile SiteListenShareI was recently targeting adobe website for any vulnerabilities.I came to know that they were using (facebook/gmail) login to sign in instantly.when i clicked the ‘signin with facebook’,Facebook app login page was loaded.240
XSS (Cross Site Scripting) Prevention Cheat SheetThis article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack.3473
Steal CSRF/Auth/Unique key Header with XSSIn fig: 1 You can see that there is a CSRF-token header presence in the website. Now we are going to steal it. Okay elow is the code which steals the token header and send it to the attacker’s server.334
Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)But i had noticed that application was not using the x-frame header. so thought lets check for click jacking. ! and yeah ! application was vulnerable with click jacking. Here is the Click jacking which is chained with self xss which grabs victim’s cookies.280
Stealing HttpOnly Cookie via XSSIt’s very rarely that i write about my findings , But i decided to share this which may help you while writing pocs.1465
How To: Write an XSS Cookie Stealer in JavaScript to Steal PasswordsJavaScript is one of the most common languages used on the web. It can automate and animate website components, manage website content, and carry out many other useful functions from within a webpage.1930
Sniping Insecure Cookies with XSSIn this post I want to talk about improper implementation of session tokens and how one XSS vulnerability can result in full compromise of a web application. The following analysis is based on an existing real-life web application.2658
bypassing htmlentities()Well I don’t know how to break it down for you, you just can’t break out of it. (if the function is used properly and exactly where it should). But most developers don’t use it the right way, since it’s like a norm for some developers to not use built-in functions properly.707
Taking note: XSS to RCE in the Simplenote Electron clientOriginally released in 2013, Electron is a framework for creating native desktop products with JavaScript, HTML, and CSS. Since then, companies such as Microsoft and Slack have built Electron into their development process.760
XSStrike - Detect and exploit XSS vulnerabilitesWe’ll attempt to show you how to build your own Pwn Phone running the Kali operating system and our  AOPP (Android Open Pwn Project)   i...29
XSS (Cross Site Scripting) Prevention Cheat SheetThis article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack.3593
Rails Quiz: XSS EditionCross-site scripting (XSS) is a type of computer security vulnerability that enables an attacker to inject code into a web page. When a user later visits that web page the code is executed in that user’s browser.606
XSSer – Automated Web Pentesting Framework Tool to Detect and Exploit XSS vulnerabilitiesXSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable for XSS. An attacker can inject untrusted snippets of JavaScript into your application without validation.370
mandatoryprogrammer/xsslessAn automated XSS payload generator written in python. This is an example XSS payload output (uncompressed) that parses CSRF tokens and uploads a binary all via XSS!9415
XSSight – Automated XSS Scanner And Payload InjectorXSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable. An attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by the victim who is visiting the target site.239
HTML5 Security CheatsheetWhat your browser does when you look away...HTML5 Security CheatsheetWhat your browser does when you look away...14
Cross Site Scripting Payloads ≈ Packet Storm_________ _________.__ __ _________ .__ __ .3192
Collection of Cross-Site Scripting (XSS) PayloadsHere is a compiled list of Cross-Site Scripting (XSS) payloads, 298 in total, from various sites. These payloads are great for fuzzing for both reflective and persistent XSS.2675
How I Stole Plunker Session Tokens with an Angular ExpressionRecently I’ve been spending a lot of time looking into the vulnerabilities happening with some AngularJS implementations. The biggest problem being: mixing server side templates with client side templates.1568
XSS without HTML: Client-Side Template Injection with AngularJSGreat write-up, thanks. To prevent XSS, user-supplied input such as < or " must be encoded differently in your output depending on whether it's outside an HTML tag, inside a tag definition or part of an attribute value.610
Angular Template Injection Payloads1.3.2 and below {{7*7}} 'a'.constructor.fromCharCode=[].join; 'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e'; {{ 'a'.constructor.prototype.charAt=[].join; $eval('x=""')+'' }} {{ 'a'.constructor.prototype.charAt=[].join; $eval('x=alert(1)')+'' }} {{constructor.404
Adapting AngularJS Payloads to Exploit Real World ApplicationsEvery experienced pentester knows there is a lot more to XSS than <script>alert(1)</script> - filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different.934
xss-polyglotsA polyglot is a payload that can be used in more than one context and still be treated as valid data. To learn more about polyglots check out this talk. The xss-polyglots package exports a function that returns an array of payloads.85
XSS without HTML: Client-Side Template Injection with AngularJSAbstract Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection.2578
ng-owasp: OWASP Top 10 for AngularJS Applications0
Case Study of JavaScript Engine VulnerabilitiesCase Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Array.concat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asm.1165
Bypass XSS blacklist “<”, “>”, “&” input nvarcharI'm using some software that is blacklisting certain characters "<", ">", "&" for user submitted values. It isn't HTML encoding the values when displaying the submitted results (outputs all submitted results in a table).396
Accurate XSS Detection with BurpSuite and PhantomJSEdit: You can see a video on how to leverage this tool (above) or visit our YouTube page - here. Cross Site Scripting (XSS) attacks occur when output from an application is not properly encoded, allowing a malicious user to inject and execute JavaScript code within the target application.1090
Stealing passwords from McDonald's usersBy abusing an insecure cryptographic storage vulnerability (link) and a reflected server cross-site-scripting vulnerability (link) it is possible to steal and decrypt the password from a McDonald’s user.660
Using Javascript in CSSIs it possible to use Javascript inside CSS? If it is, can you give a simple example?1236
Cross Site Scripting without special charsI'm testing a web application and I found a XSS vulnerability. I can break a tag and inject some code to the application but nothing potentialy dangerous for the client.117
Cross-site Scripting (XSS)Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.2057
The XSS Sandbox0
Preventing XSS Attacks in ASP.NET MVC using ValidateInput and AllowHTMLWhat is XSS? How can we prevent the same in MVC?541