OP 24 October, 2020 - 10:01 PM
Hi, Porky here with a tutorial
What do I need to learn to do XSS
What do I need to learn to do XSS
- Basic HTML tags
- Basic to advanced Javascript
WAF Bypass is a bonus
What is XSS
XSS (Cross-site scripting) is an attack where you input code that gets reflected on the website view.
You input a piece of data, for example HTML code, and it is "injected".
For example, you search Hello World in a search bar
The website source code shows this:
What is XSS
XSS (Cross-site scripting) is an attack where you input code that gets reflected on the website view.
You input a piece of data, for example HTML code, and it is "injected".
For example, you search Hello World in a search bar
The website source code shows this:
Code:
[align=center][size=x-large]<b>searched for: Hello World</b>[/size][/align]![[Image: Untitled.png]](https://i.ibb.co/VvXQN9d/Untitled.png)
You can insert an HTML input, for example
Code:
[code]
[align=center][size=x-large]<font size=20>Big letters</font>[/size][/align]Which would result in:
Code:
[align=center][size=x-large]<b>searched for: <font size=20>Big letters</font></b>[/size][/align]![[Image: Untitled2.png]](https://i.ibb.co/LSvfDjs/Untitled2.png)
And if you add <img src=https://...sourceofcatpicture...></img>
![[Image: Untitled3.png]](https://i.ibb.co/HPq3TFJ/Untitled3.png)
Note: There are security measures in place to protect from such an attack. However, very simple/primitive or insecure websites might be vulnerable. In some cases, WAF evasion might be needed. You can try some here: http://testphp.vulnweb.com (a legal target practice website).
like!
