Jump to content

Bypass server side validation using jsunpack for XSS


Recommended Posts

I am performing a security assessment on a website and have discovered a potential XSS vulnerability. I am able to exploit it if I use Burp Suite by supplying my script in place of a parameter in the query string. However, I if I try injecting the code into a URL and clicking on it, the server strips out my JavaScript. I have attempted to use numerous differnet types of encoding with no success. Is there anyway to bypass server side validation? The specific JavaScript unpacker being used is jsunpack. Thanks for any advice in advance.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...