On April 18, 2018, Drupal has released security updates to address a Cross Site Scripting vulnerability affecting CKEditor, a third-party JavaScript library included in Drupal core. A remote attacker could exploit some of these...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 3, 2017 · Last modified October 10, 2021
xsssniper is a handy xss discovery tool with mass scanning functionalities. What it does is scanning target URL for GET parameters and then inject an XSS payload (Y) into them and parse the response...
Web Exploitation / WebApp PenTest
by do son · Published July 10, 2017 · Last modified October 10, 2021
XSS, cross-site scripting is a vulnerability that allows an attacker to insert malicious code (JavaScript) into a website script. Once a script has been found to be vulnerable the attacker can e-mail or post a link...
PyRecommender Recommends optimal injection code for you. PyRecommender can recommend optimal injection code for detecting web app vulnerabilities. Current PyRecommender’s version is beta, it only supports reflective Cross Site Scripting (RXSS). Please refer to this blog for...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified March 25, 2018
PHP_Code_Static_Analysis A basic script to detect vulnerabilities into a PHP source code Currently detecting : SQL injection Local File Inclusion Insecure emails Cross Site Scripting Remote Commands Execution LDAP injection XPATH injection Header injection...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 25, 2017 · Last modified March 10, 2018
Shuriken was developed by Shogun Lab as an open source Cross-Site Scripting (XSS) command line utility to aid web security researchers who want to test a list of XSS payloads in a web application....
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified January 27, 2018
Damn Web Scanner Another web vulnerabilities scanner, this extension works on Chrome and Opera. The extension is working in the background and will notify you if it finds any vulnerability Currently, it scans for:...
On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem,...
In the XSS world, there are many tags, events, attributes can be used to execute js. Tag can execute js <script> <a> <p> <img> <body> <button> <var> <div> <iframe> <object> <input> <select> <textarea> <keygen>...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 10, 2017 · Last modified July 26, 2017
1. What is Cross Site Scripting? Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker...
