Become King Of Hell

Web Hacking Taku XSS Handbook For HellOfHackers Members

taku

taku

New member
#1
Joined
Jan 6, 2022
Messages
6
Location
root@government #~
Hellcoins
♆213
This Guide Was Written For HellForums in Old Days But It Is Still Valuable
Introduction
This is going to be my official XSS handbook. I've written a XSS handbook on a different alias, but
decided to leave it due to it being used in too many databases.
Please note that this is not copied, because that would trace back to my old alias.

This handbook is now updated and fixed.
What is XSS?
XSS, also known as cross-site scripting is a web vulnerability. It's caused when the user input
is not sanitized correctly, and is therefore executed.

Let's say there's a search box on a website. If you search for the word "cat" and press enter you'll
probably come to a second page where it says something like "500 results for the word 'cat'".
This means that the websites HTML is looking something like this.
QUOTE:
<h1>500 results for the word 'cat'.</h1>
Click to expand...
Now, let's say this website was vulnerable to XSS and you changed your input from cat to HTML code, it's
not sanitized correctly and is executed. Let's say you search for this instead: <script>alert('XSS')</script>.

Now the HTML code would look like this instead.
You must reply before you can see the hidden data contained here.
 
D

dark_phonix

Member
#2
Joined
Sep 4, 2023
Messages
29
Hellcoins
♆34
taku said:
This Guide Was Written For HellForums in Old Days But It Is Still Valuable
Introduction
This is going to be my official XSS handbook. I've written a XSS handbook on a different alias, but
decided to leave it due to it being used in too many databases.
Please note that this is not copied, because that would trace back to my old alias.

This handbook is now updated and fixed.
What is XSS?
XSS, also known as cross-site scripting is a web vulnerability. It's caused when the user input
is not sanitized correctly, and is therefore executed.

Let's say there's a search box on a website. If you search for the word "cat" and press enter you'll
probably come to a second page where it says something like "500 results for the word 'cat'".
This means that the websites HTML is looking something like this.

Now, let's say this website was vulnerable to XSS and you changed your input from cat to HTML code, it's
not sanitized correctly and is executed. Let's say you search for this instead: <script>alert('XSS')</script>.

Now the HTML code would look like this instead.
[Hidden content]
Click to expand...
hi
 
You must log in or register to reply here.
Top