Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified February 24, 2018
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
Cross-site scripting (XSS) is a type of computer security vulnerability that is normally present in web applications. XSS allows attackers to implement client scripts on web pages viewed by other users. Vulnerability XSS can...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 14, 2017 · Last modified February 7, 2018
XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities. It’s also the first tool developed by the Bug Bounty Forum community! How do I install it? At present, we’re only supporting the...
A file upload point is an excellent opportunity to execute XSS applications. Many sites have user rights to upload personal data pictures of the upload point, you have a lot of opportunities to find...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 4, 2017 · Last modified July 30, 2017
Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 26, 2017 · Last modified February 10, 2018
BruteXSS is a tool written in python simply to find XSS vulnerabilities in the web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 25, 2017 · Last modified March 10, 2018
Shuriken was developed by Shogun Lab as an open source Cross-Site Scripting (XSS) command line utility to aid web security researchers who want to test a list of XSS payloads in a web application....
In the XSS world, there are many tags, events, attributes can be used to execute js. Tag can execute js <script> <a> <p> <img> <body> <button> <var> <div> <iframe> <object> <input> <select> <textarea> <keygen>...
Cross-site scripting (XSS) is a common vulnerability in Web vulnerability analysis. In many cases, it was easy to enter without filtering easily, but most of the services analyzed had strong filtering. However, there are...
Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed...
Collected some of the more useful XSS payload, used to bypass the waf and some applications: <sCrIpt>alert(1)</ScRipt> \<iMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)> <img src=’1′ onerror\x00=alert(0) /> <img src=’1′ onerror/=alert(0) /> <img src=’1′ onerror\x0b=alert(0) /> <img...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 10, 2017 · Last modified July 26, 2017
1. What is Cross Site Scripting? Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker...
Web Exploitation / WebApp PenTest
by do son · Published March 10, 2017 · Last modified December 16, 2017
Recently, WordPress team is published WordPress version 4.7.3. This version fixed some errors that existed in previous WordPress versions. On this post, I am going to analysis WordPress 4.7.2 Cross-Site Scripting (XSS) via Taxonomy...
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal user, administrator session to...
Secure Your Connection
