
XSS tutorial for newbies
#1
 
Hello and welcome to this basic tutorial regarding XSS

- What is XSS?
Code:
XSS stands for Cross-Site Scripting. It is essentially when an app, usually a web browser or an app that parses HTML, allows unsanitized user input to be displayed to other users.


- How to exploit a simple XSS vulnerability?
Code:
Example: You found a blog website that allows you to post a comment, good, right? Well, that website does not sanitize your input to escape characters like <>.
What you can do is insert a simple XSS testing HTML code like: <script>alert("You have been hacked!")</script>
That code would execute for everyone visiting the blog website. Now you can do pretty cool things like stealing cookies and a bunch of other things, e.g. obtaining access to an admin account, defacing the website, etc.

- How to protect my website or app from XSS?
Code:
Do not trust the user. Consider everything supplied by the user to be malicious, escape characters from user-supplied input, use good coding practices and do your research, starting with an optimal server configuration that fits your needs and moving on to the documentation regarding the functions and libraries you use in your programming language of choice.

I hope you learned something out of this basic post
If you have any questions, please PM dkota
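The vulnerable comment-rendering pattern from the post beside its escaped version, as an added example that is not part of the original post. The blog, its comment store and the function names (`renderCommentVulnerable`, `renderCommentSafe`, `escapeHtml`, `containsScriptTag`) are hypothetical; the sample comment is constructed and uses the payload quoted above.

```javascript
// Added example (not from the forum post): the "echo the comment straight into
// the page" pattern beside an HTML-escaping fix. All names are hypothetical.

// Escape the five characters that let text break out of an HTML text node or a
// double-quoted attribute value. '&' is replaced first so that entities produced
// by the later replacements are not escaped a second time.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: user input is concatenated into the markup unchanged, so a comment
// containing a <script> tag becomes a script that runs for every reader.
function renderCommentVulnerable(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Fixed: every user-controlled value is escaped for the HTML text context it is
// inserted into. The browser shows the tag as literal text instead of running it.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed sample input: the test payload quoted in the post above.
const sampleComment = {
  author: 'visitor',
  body: '<script>alert("You have been hacked!")</script>',
};

// Cheap review check: does the rendered HTML still contain a live <script> tag?
// (A real test suite would render it in a DOM and watch for script execution.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Render both versions so the difference is visible when run directly.
function demo() {
  const unsafe = renderCommentVulnerable(sampleComment.author, sampleComment.body);
  const safe = renderCommentSafe(sampleComment.author, sampleComment.body);
  return {
    unsafe,
    unsafeHasScript: containsScriptTag(unsafe), // true
    safe,
    safeHasScript: containsScriptTag(safe),     // false
  };
}

console.log(demo());
```

Escaping at the point of output is the fix for the blog example in the post; it belongs in the template layer so that it cannot be forgotten per comment. Note that this escaping is only correct for HTML text and attribute values; input placed inside a `<script>` block, a URL or a CSS property needs the encoding for that context. Marking session cookies `HttpOnly` and serving a Content-Security-Policy header do not replace escaping, but they limit what an injected script can reach if one slips through.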
#2
Nice, I highly recommend portswigger to practice and learn more about it!

https://portswigger.net/web-security/cro...exploiting
#3
prince97 Wrote: Hello and welcome to this basic tutorial regarding XSS

- What is XSS?
Code:
XSS stands for Cross-Site Scripting. It is essentially when an app, usually a web browser or an app that parses HTML, allows unsanitized user input to be displayed to other users.


- How to exploit a simple XSS vulnerability?
Code:
Example: You found a blog website that allows you to post a comment, good, right? Well, that website does not sanitize your input to escape characters like <>.
What you can do is insert a simple XSS testing HTML code like: <script>alert("You have been hacked!")</script>
That code would execute for everyone visiting the blog website. Now you can do pretty cool things like stealing cookies and a bunch of other things, e.g. obtaining access to an admin account, defacing the website, etc.

- How to protect my website or app from XSS?
Code:
Do not trust the user. Consider everything supplied by the user to be malicious, escape characters from user-supplied input, use good coding practices and do your research, starting with an optimal server configuration that fits your needs and moving on to the documentation regarding the functions and libraries you use in your programming language of choice.

I hope you learned something out of this basic post

Nicely explained
"It takes just one mistake before they get you, so no mistakes, stay focused"