当前节点:brutelogic
时间节点
2020-09-18 02:01:56brutelogic.com.br
Testing for Cross-Site Scripting (XSS) might seem easy at first sight, with several hacking tools automating this process. But regardless of how tests to find a XSS are performed, automated or manually, here we will see a step-by-step procedure to try to find most of the XSS cases out there. For that we will use … Continue reading Testing for XSS (Like a KNOXSS)
The post Testing for XSS (Like a KNOXSS) appeared first on Brute XSS.
2020-09-18 02:01:56brutelogic.com.br
In some cases, an information passed in one of the HTTP headers of the application is not correctly sanitized and it’s outputted somewhere in the requested page or in another end, giving rise to a XSS situation. But unfortunately, once an attacker can’t make a victim to edit his/her own HTTP headers in an actual … Continue reading XSS via HTTP Headers
The post XSS via HTTP Headers appeared first on Brute XSS.
2020-09-16 08:29:02brutelogic.com.br
Some Cross-Site Scripting (XSS) vectors arise from strict but allowed possibilities, forming tricky combinations. It’s all about contexts and sometimes the interaction between different contexts with different filters lead to some interesting bypasses. Although in the same document (or page), usually the source code of a HTTP response is formed by 3 different contexts: HTML, … Continue reading Filter Bypass in Multi Context
The post Filter Bypass in Multi Context appeared first on Brute XSS.
2020-05-10 09:35:35brutelogic.com.br
Some Cross-Site Scripting (XSS) vectors arise from strict but allowed possibilities, forming tricky combinations. It’s all about contexts and sometimes the interaction between different contexts with different filters lead to some interesting bypasses. Although in the same document (or page), usually the source code of a HTTP response is formed by 3 different contexts: HTML, … Continue reading Filter Bypass in Multi Context
The post Filter Bypass in Multi Context appeared first on Brute XSS.