How I Built An XSS Worm On Atmail - Bishop Fox xss
7 years ago | comments |
bishopfox.com | Score: 6
Reddit
XSS through Subdomain Takeover xss
7 years ago | comments |
blog.sweepatic.com | Score: 8
Reddit
Excess XSS: A comprehensive tutorial on cross-site scripting xss
7 years ago | 1 comment |
excess-xss.com | Score: 14
Reddit
Non-alphanumeric Javascript using Japanese Katakana xss
7 years ago | comments |
github.com | Score: 8
Reddit
hometown sky xss
7 years ago | 4 comments |
i.redd.it | Score:
Reddit
Most accurate Vung Tau lottery result prediction for Tuesday 13/6/2017 xss
7 years ago | 2 comments |
self.xss | Score:
Reddit
XSS Attacks: The Next Wave xss
7 years ago | comments |
snyk.io | Score: 11
Reddit
DOMXSS on Shopify - writeup xss
7 years ago | comments |
hackerone.com | Score: 7
Reddit
The Most Common XSS Vulnerability in React.js Applications xss
7 years ago | comments |
medium.com | Score: 2
Reddit
XSS over SMS: Hacking Text Messages in Verizon Messages xss
7 years ago | comments |
randywestergren.com | Score: 1
Reddit
Getting creative with Drupal XSS xss
7 years ago | comments |
mortenson.coffee | Score:
Reddit
XSS Explained from Theory to Practice xss
7 years ago | 1 comment |
blog.singular.uk | Score: 12
Reddit
Latest Comment
<img src=”javascript:alert(“Evil”);”>
That won't work in any modern browsers that I'm aware of, and some of the other PoCs won't either.
Wouldn't hurt to explain the different types of XSS since you mentioned them.
7 years ago
Shuriken - XSS payload testing tool with screenshot capture ability & logging, feedback welcome! xss
7 years ago | 6 comments |
github.com | Score: 10
Reddit
Latest Comment
Hi shogunlab, it's a great tool to automate XSS stuff. I have some points for you:
False positives are ok, but getting some true negatives :/
<img src=x onerror=alert(1)> is a valid payload, but the engine expects me to insert <img src="x" onerror="alert(1)"> to mark it as valid XSS.
Ref: http://imgur.com/a/mOI3V
7 years ago
XSS in Invision Power Board (CVE-2017-8897,8898,8899) xss
7 years ago | comments |
sxcurity.pro | Score: 2
Reddit
Help bypassing a filter xss
7 years ago | 1 comment |
self.xss | Score: 2
Reddit
Latest Comment
'+alert(1)+'
where the + is an actual plus sign and not a space.
<script>var test = {'a': 'a', 'b': ''+alert(1)+'', 'c': 'c'}</script>
7 years ago
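The breakout above works because the injected value lands inside a single-quoted JavaScript string literal, not inside HTML. The following is an added example (not code from the thread) that models that injection point in Node: the page's `'+alert(1)+'` is kept in shape but `alert(1)` is swapped for a flag assignment so the generated script can be executed here without a browser, and the hardened builder (`buildScriptSafe`, a name chosen for this example) shows the encoding that closes the hole.

```javascript
// Added example, not code from the thread. Models a value dropped into a
// single-quoted string inside an object literal in a <script> block, and runs
// the generated script in Node to show whether injected code executes.

// Vulnerable server-side template: plain string concatenation into JS source.
function buildScriptVulnerable(value) {
  return "var test = {'a': 'a', 'b': '" + value + "', 'c': 'c'}; return test;";
}

// Hardened: serialize the value as a JSON string literal, then escape the
// characters that can still end the <script> element or break the literal.
function jsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function buildScriptSafe(value) {
  return "var test = {'a': 'a', 'b': " + jsString(value) + ", 'c': 'c'}; return test;";
}

// Run the generated script the way the browser would. The flag records whether
// injected code executed; test.b shows what the page ended up storing.
function run(script) {
  globalThis.__xss_fired = false;
  const test = new Function(script)();
  return { fired: globalThis.__xss_fired, b: test.b };
}

// Same shape as the thread's '+alert(1)+', with the alert swapped for a flag
// (constructed for this example).
const PAYLOAD = "'+(globalThis.__xss_fired=true)+'";

console.log('vulnerable:', run(buildScriptVulnerable(PAYLOAD)));
console.log('hardened:  ', run(buildScriptSafe(PAYLOAD)));
```

With the vulnerable builder the object becomes `'b': ''+(globalThis.__xss_fired=true)+''`, the expression runs and `b` ends up as the string `"true"`; with the hardened builder `b` is the payload verbatim and nothing executes. Escaping `<`, `>` and `&` as `\uXXXX` matters even after `JSON.stringify`, because a literal `</script>` inside the string would still end the element during HTML parsing.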
N00b question on Xsscrapy xss
7 years ago | 6 comments |
self.xss | Score: 6
Reddit
Latest Comment
Let's break down the payload first:
1zqjre - this is a unique value that is easily grepped. The scanner likely searches for this in the response to see if a payload is reflected without alteration.
'"(){} - reserved characters in javascript, which if they're not properly encoded in the response, can be used to escape out of a JS statement and hijack execution. The point here is not to get execution but to test if the site encodes/strips/blacklists these or not.
<x> - testing to see if there's logic that explicitly detects and bans html tags. If this appears in the response unaltered then you may have luck inserting a script tag, img tag, etc. to get execution. Some WAFs, such as IIS, will ban any input of the form <tag*.
:/1zqjre;9 - more reserved characters to test for rejection or encoding, and the unique value again for easy grepping.
Type: form - this means you're injecting into an HTML form, aka a POST request.
Injection point: searchFor - this is the POST parameter the scanner is targeting.
7 years ago
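The first thing a scanner does with a probe like the one broken down above is find the marker in the response and see what happened to the characters between the two copies. The following is an added example, not part of the thread and not XSScrapy's own code: it classifies each probe character as intact, HTML-encoded or removed, and suggests which injection context is worth trying. The response bodies are constructed for the example.

```javascript
// Added example, not part of the thread or of XSScrapy. Reads a response body,
// locates the unique marker and reports which probe characters came back
// intact, entity-encoded, or stripped. Response bodies are constructed below.

const MARKER = '1zqjre';
const PROBE = MARKER + '\'"(){}<x>:/' + MARKER + ';9';

// Characters and the one tag the probe carries, checked one by one.
const TOKENS = ["'", '"', '(', ')', '{', '}', '<x>', ':', '/'];

// Common entity spellings a server might substitute for a token.
const ENCODED_FORMS = {
  "'": ['&#39;', '&#x27;', '&apos;'],
  '"': ['&quot;', '&#34;'],
  '<x>': ['&lt;x&gt;'],
};

function analyzeReflection(body) {
  const result = { reflected: false, intact: [], encoded: [], missing: [] };
  const first = body.indexOf(MARKER);
  const second = first === -1 ? -1 : body.indexOf(MARKER, first + MARKER.length);
  if (second === -1) return result; // marker absent (or only one copy): nothing to judge
  result.reflected = true;
  const middle = body.slice(first + MARKER.length, second);
  for (const tok of TOKENS) {
    if (middle.includes(tok)) result.intact.push(tok);
    else if ((ENCODED_FORMS[tok] || []).some(e => middle.includes(e))) result.encoded.push(tok);
    else result.missing.push(tok);
  }
  return result;
}

// Which injection context looks workable, given what survived.
function bestContext(result) {
  if (!result.reflected) return 'none';
  if (result.intact.includes('<x>')) return 'html';       // tags survive: try <img onerror=...>
  if (result.intact.includes("'") || result.intact.includes('"')) return 'js-string'; // only useful if the reflection lands inside a script
  return 'none';
}

// Constructed responses: raw reflection, entity-encoded, stripped, not reflected.
const RAW_BODY = '<div>Results for ' + PROBE + '</div>';
const ENCODED_BODY = '<div>Results for ' + MARKER + '&#39;&quot;(){}&lt;x&gt;:/' + MARKER + ';9</div>';
const STRIPPED_BODY = '<div>Results for ' + MARKER + '(){}:/' + MARKER + ';9</div>';
const NOT_REFLECTED = '<div>No results</div>';

for (const [name, body] of Object.entries({ RAW_BODY, ENCODED_BODY, STRIPPED_BODY, NOT_REFLECTED })) {
  const r = analyzeReflection(body);
  console.log(name, JSON.stringify(r), '->', bestContext(r));
}
```

The marker does two jobs: it makes the reflection easy to find, and the text between the two copies is exactly the set of metacharacters under test, so nothing else on the page can confuse the classification. Surviving quotes only help if the reflection sits inside a script block or attribute, which this check cannot see; a real scanner would inspect the surrounding markup next.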
Steam fixes XSS vulnerability xss
7 years ago | comments |
reddit.com | Score: 12
Reddit
I found a XSS on my university's website - best way to report without potentially being liable for 'hacking'? xss
7 years ago | 13 comments |
self.xss | Score: 9
Reddit
Latest Comment
Fuckers will accuse you of hacking anyway. Send them an anonymous email, encrypted with OpenPGP, or if they are not smart enough, just toss a letter into their mailbox (printed, of course).
7 years ago
Coinmama Stored XSS xss
7 years ago | 1 comment |
yellowhttp.tumblr.com | Score: 6
Reddit
Latest Comment
Exploits? I'm seeing MitM at the very least. If their SQL is shoddy then there is much more to worry about.
7 years ago
You think you know XSS and Browsers? Win 500-1000Eur for solving this challenge. xss
8 years ago | 4 comments |
xssmas2016.cure53.de | Score: 10
Reddit
Latest Comment
I can't bypass the jQuery CDN, the rest was easy. Anyone succeeded?
7 years ago
Requesting feedback on new anti-XSS project: Outbound-Rules: Protect your admin dashboards from XSS xss
8 years ago | 5 comments |
github.com | Score: 2
Reddit
Latest Comment
Why not just implement a CSP on admin dashboard?
8 years ago
postMessage XSS on a million sites xss
8 years ago | comments |
labs.detectify.com | Score: 7
Reddit
Circumventing angle bracket encoding in url xss
8 years ago | comments |
self.xss | Score: 2
Reddit
Stored XSS in the popular InVision App xss
8 years ago | comments |
medium.com | Score: 2
Reddit
Google creates an online game to teach you about XSS as part of bug bounty program xss
8 years ago | 5 comments |
xss-game.appspot.com | Score: 28
Reddit
Latest Comment
Can you guys give me some tips on what is the easiest way to learn XSS? I am new to web app hacking and have little programming knowledge :D
8 years ago
Any one know a walkthrough or a solution for xssgolf? I'm going crazy with it xss
8 years ago | 5 comments |
xssgolf.appspot.com | Score: 11
Reddit
Latest Comment
Hm, anyone got a hint for chall2? (spoilers below)
I was able to get it to show an iframe from a remote server with xss=<iframe/src=//3497454484>
(link), but due to the same origin policy I don't think I can solve the challenge that way. Doesn't help that 'on' and 'script' are filtered as well as all whitespace.
8 years ago
Jims Pool Care Service Pool Maintenance and Cleaning xss
8 years ago | comments |
jimspoolcare.com.au | Score:
Reddit
devastating DOM XSS in wix.com xss
8 years ago | comments |
contrastsecurity.com | Score: 18
Reddit
Can I submit XSS to Reddit? xss
8 years ago | 5 comments |
self.xss | Score: 3
Reddit
XSS by Example xss
8 years ago | comments |
technopy.com | Score: 4
Reddit
XSS via Referrer After Anniversary Update xss
8 years ago | comments |
mksben.l0.cm | Score: 2
Reddit
XSS in Gifs xss
8 years ago | 2 comments |
blog.zsec.uk | Score: 14
Reddit
Latest Comment
Should probably mark that this goes to a page with a nsfw logo on it...
8 years ago
CSP Evaluator xss
8 years ago | comments |
csp-evaluator.withgoogle.com | Score: 3
Reddit
Stored XSS on Pornhub xss
8 years ago | 1 comment |
blog.zsec.uk | Score: 15
Reddit
Latest Comment
Congrats! I found quite a few XSS bugs, but turns out that other researchers kept beating me to it. This one was one of them! I can imagine a lot of people tried attacking the site when the bounty was announced just for the fun of it. Didn't think to look at other subdomains like your other post mentions, so I'll keep that in mind next time
One fun one I found (which was also reported) was that you could change the view key ID of a video and whether a video is for premium users only.
8 years ago
Calling Remote Script With Event Handlers xss
8 years ago | comments |
brutelogic.com.br | Score: 6
Reddit
MIME Sniffing? xss
8 years ago | 3 comments |
self.xss | Score: 1
Reddit
Latest Comment
Other ways than what?
MIME type will be in the Content-Type header.
8 years ago
Jumping Over The Fence - An Amazing Journey After An Open Redirect xss
8 years ago | 3 comments |
fogmarks.com | Score: 1
Reddit
Four Horsemen of the Web Apocalypse xss
8 years ago | comments |
brutelogic.com.br | Score: 7
Reddit
How to execute HTML decoded js? xss
8 years ago | 8 comments |
self.xss | Score: 7
Reddit
Latest Comment
If you are using Chrome, that browser has the source rendering quirk where you might see a '<' in the source code, but if you look at the response on the wire, it is actually sending '&lt;'. This has thrown me into the same loop as you. Check to see if you are not seeing the same feature.
This is the reason why I don't use Chrome to test most stuff unless I want to confirm something.
8 years ago
Anyway to execute code inside quotes in JS xss
8 years ago | 5 comments |
self.xss | Score:
Reddit
Latest Comment
What about crlf characters?
8 years ago
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy xss
8 years ago | 1 comment |
research.google.com | Score: 3
Reddit
Latest Comment
I would in no way recommend using CSP except in conjunction with the existing proper escaping/validation of input and encoding of output.
Yeah I see that CSP can be bypassed in various ways, does anyone have a compiled list of this?
8 years ago
infosectoughguy: Cool XSS Tricks with Anonymous Javascript Functions xss
8 years ago | 3 comments |
infosectoughguy.blogspot.co.za | Score: 4
Reddit
The Easiest Way to Bypass XSS Mitigations xss
8 years ago | comments |
brutelogic.com.br | Score: 12
Reddit
XSS Authority Abuse xss
8 years ago | comments |
brutelogic.com.br | Score: 8
Reddit
Lets take a moment to remember /u/xssfinder and his Reddit comment bomb. xss
8 years ago | comments |
self.xss | Score: 19
Reddit
"THE BOX ANONYMOUS MESSAGING SYSTEM" xss
8 years ago | comments |
theboxmmvl6zg3wi.onion | Score:
Reddit
Brute's XSS Cheat Sheet xss
8 years ago | 1 comment |
brutelogic.com.br | Score: 17
Reddit
Latest Comment
Well thank you, good sir!
8 years ago
Is the payload for DOM based XSS defined to originate from only inside the browser or even outside of it xss
8 years ago | 2 comments |
self.xss | Score: 6
Reddit
Latest Comment
I replied to a similar question in an /r/asknetsec thread (here). There are other answers, but mine is the best obviously, lol. I'll include it below.
I think it is a muddy topic, and it probably is a disservice to everyone to classify DOM-based XSS as a different "type" - as it can be both DOM-based and reflected, for example. I don't like your definition which relies on tags/contexts. Here's what I said in the other comment - do you think it answers your question?
Right click on this page, click inspect element (or whatever it is in your browser). That is the DOM. It is basically the HTML of the page, right? Well, now right click and select view source. That is the HTML that the server sent to you, and the DOM is what was rendered by your browser. Reflected XSS shows up in view source (and in the DOM). DOM-based would not exist in the source, because the server is not reflecting it back to you, it exists only in the DOM.
How does that happen? Well, let's say I made a very basic webpage. Looks like this:
<html>
<body>
<script>
//write whatever comes after the (#) in the URL to the DOM
document.write('<p>' + window.location.hash.substring(1) + '</p>');
</script>
</body>
</html>
So, that is the source of the page... but if you were to add something after the hash sign in the URL, it would get written to the DOM. So if you requested that page like this: http://example.com/dom.html#howdy the source of the page would be the same as above, but the DOM would look something like this:
<html>
<head></head>
<body>
<script>
document.write('<p>' + window.location.hash.substring(1) + '</p>');
</script>
<p>howdy</p>
</body>
</html>
Notice how the <p> tag exists in the DOM, but not the source.
A big part of the confusion is that DOM-based XSS can be reflected through a parameter to a user... but it could also be stored (it is usually reflected). Basically, you have to write some bad javascript to make your page vulnerable to DOM-based XSS, and you write bad server-side code to make yourself vulnerable to the other kinds.
8 years ago
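The source-versus-DOM distinction in the comment above can be exercised without a browser. The following is an added example, not code from the comment: it keeps the server's HTML as a fixed string, models the `document.write` sink as a function that returns the markup the script would write for a given fragment, and puts a hardened sink beside it. Function names (`renderHashVulnerable`, `renderHashSafe`, `containsInjectedTag`) and the sample fragments are this example's own.

```javascript
// Added example, not code from the comment above. Models the hash-to-
// document.write page in Node: the "source" is the fixed string the server
// sends, the "DOM" is the markup the script writes for a given fragment.

// What the server sends. It is identical for every request, so a DOM-based
// payload never appears here, which is the comment's point about "view source".
const SERVER_SOURCE = [
  '<html>',
  '<body>',
  '<script>',
  "document.write('<p>' + window.location.hash.substring(1) + '</p>');",
  '</script>',
  '</body>',
  '</html>',
].join('\n');

// Vulnerable sink, as in the page: the fragment is concatenated into markup, so
// a tag in the hash becomes a real element when the browser parses the write.
function renderHashVulnerable(hash) {
  return '<p>' + hash.substring(1) + '</p>';
}

// Hardened: encode the characters that can change HTML context before writing.
// In a real page the simpler fix is to set the element's textContent instead.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

function renderHashSafe(hash) {
  return '<p>' + escapeHtml(hash.substring(1)) + '</p>';
}

// Does the written markup contain a start tag the template did not have?
function containsInjectedTag(rendered) {
  const inner = rendered.slice('<p>'.length, rendered.length - '</p>'.length);
  return /<[a-zA-Z]/.test(inner);
}

// Constructed fragments: the comment's "howdy" and a typical DOM XSS payload.
const BENIGN_HASH = '#howdy';
const PAYLOAD_HASH = '#<img src=x onerror=alert(1)>';

console.log('source contains payload?', SERVER_SOURCE.includes('onerror'));
console.log('vulnerable DOM:', renderHashVulnerable(PAYLOAD_HASH));
console.log('hardened DOM:  ', renderHashSafe(PAYLOAD_HASH));
```

The payload never touches `SERVER_SOURCE`, so a scanner that only diffs server responses will not see it; the injection exists only in what the client-side script writes. Note that the fragment is also never sent to the server at all, which is why DOM-based XSS through `location.hash` leaves nothing in server logs.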
Ghetto XSS Filter Bypass Cheatsheet xss
8 years ago | 1 comment |
d3adend.org | Score: 13
Reddit
Evade filter that deletes everything inside <> xss
8 years ago | 5 comments |
self.xss | Score: 5
Reddit
Latest Comment
It's really a pain to test without having the actual site to try things. What about injecting a null byte or parameter pollution?
e.g. ?q=%00<asdf>
and ?q=<asdf>&q=<fdsa>
Does it do anything fancy with links? Might be able to bypass it with something like ?q=http://thesite.com&x=<asdfg>
8 years ago