Cross Site Scripting
Introduction
Cross-Site Scripting (XSS) is a type of injection that allows a user to run custom scripts on a trusted website. By giving a crafted URL to a victim, an attacker might showcase a custom page on the trusted website or redirect the user, allowing the attacker to steal the victim's cookies and hijack the session.
Checking for cross site scripting
1) Download the Firefox browser. This does not require Kali and can be tested on Windows as well as Mac.
2) In Firefox, type about:config in the URL bar.
3) Search for browser.urlbar.filter.javascript.
4) Double-click on it to change the value to false.
5) Now open the website which you want to test.
6) Generally, XSS is present in search bars.
7) In the search bar, type <script>alert(1)</script> and press Enter.
8) If you see an alert box, then the site is vulnerable to cross site scripting.
9) If it doesn't work, you can try the cheat sheet at
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
10) If none of that works, there may still be some workarounds, but the chances of that are very low and your site is immune to XSS.
11) For learning how to do session hijacking using XSS, keep following this blog.
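Why the alert box in step 8 appears, and the output-encoding fix that prevents it, shown as an added example that is not part of the original post. The renderer functions and the markup are constructed for illustration and do not come from any real site.

```javascript
// Added example: a constructed search-results renderer, not code from a real site.

// Encode the five characters that are significant in HTML text and
// quoted attribute values. A single pass avoids double-encoding '&'.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the search term is concatenated into the page as-is,
// so markup typed into the search bar becomes markup in the response.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1>\n<input name="q" value="${query}">`;
}

// Hardened: the search term is encoded before it reaches the markup,
// so the browser displays it as text instead of parsing it.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Results for ${q}</h1>\n<input name="q" value="${q}">`;
}

// True when the probe comes back byte-for-byte in the response, which is
// the condition that makes the browser show the alert box in step 8.
function reflectsUnencoded(html, probe) {
  return html.includes(probe);
}

const probe = '<script>alert(1)</script>'; // the test string from step 7

console.log('vulnerable page reflects probe:',
  reflectsUnencoded(renderSearchVulnerable(probe), probe));
console.log('hardened page reflects probe:',
  reflectsUnencoded(renderSearchSafe(probe), probe));
console.log(renderSearchSafe(probe));
```

The same reflection check can be used as a regression test on your own search page after adding output encoding.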
Always remember to use Kali for helpful purposes and not use it to cause harm.
Stay Safe.