Cross-site Scripting via WHOIS and DNS Records medium.com/tenable-techbl…
πŸ‘︎ 261
πŸ“°︎ r/netsec
πŸ’¬︎
πŸ‘€︎ u/dinobyt3s
πŸ“…︎ Nov 24 2020
🚨︎ report
TOR Browser appears to allow cross-site scripting?!

So, I have just made a web-app that uses some cross-site scrpting: https://flatassembler.github.io/PicoBlaze/PicoBlaze.html

When you click at an example (like the "Fibonacci Sequence" or "Gray Code"), JavaScript starts fetching the associated PSM file. But that PSM file is not stored on the same domain as the JavaScript is, the JavaScript is stored at the domain "flatassembler.github.io", whereas the PSM file is stored at "raw.githubusercontent.com". I was nearly certain that won't work in TOR Browser, since it is supposed to protect against tracking via cross-site scripting. But, to my surprise, TOR Browser seems not to have any problems loading the examples in my web-app.

Any idea what is going on here? How does it protect against cross-site scripting being used for tracking, if it allows this? I thought the whole point of using TOR Browser over TOR instead of using Firefox over TOR or Chrome over TOR was that TOR Browser doesn't allow scripts to do things damaging to your anonymity, such as cross-site scripting. But apparently TOR Browser allows that.

πŸ‘︎ 37
πŸ“°︎ r/TOR
πŸ’¬︎
πŸ‘€︎ u/FlatAssembler
πŸ“…︎ Nov 16 2020
🚨︎ report
Cross Site Scripting (XSS) Evaluation During Web App Penetration Testing

Interested to see just how different firms do things regarding XSS vulnerability detection during a web app penetration test. So there can be many entry points where XSS could be possible in a web application. Do you guys fuzz all input fields (if within scope) using an XSS payload list? Or do you just try a few payloads manually on input fields that you think are likely to be vulnerable? What's your general methodology to make sure you are giving as thorough a test as possible of XSS during an engagement?

πŸ‘︎ 3
πŸ“°︎ r/AskNetsec
πŸ’¬︎
πŸ‘€︎ u/cybernoob101010
πŸ“…︎ Jan 01 2021
🚨︎ report
Finding Users Cookies with Reflective Cross-Site Scripting - TryHackMe

In this video walkthrough, we demonstrated how to get the user's cookies using reflective cross site scripting. We demonstrated the scenario with TryHackMe Machine. This video is part of COMPTIA Pentest+ Pathway.

video is here

https://preview.redd.it/kkv5atxnif261.jpg?width=1276&format=pjpg&auto=webp&s=a1213e6a59c191b073cd5608d23bdf96a011dc7c

πŸ‘︎ 101
πŸ’¬︎
πŸ‘€︎ u/David-hawk
πŸ“…︎ Nov 30 2020
🚨︎ report
In this video walkthrough, we demonstrated how to get the user's cookies using reflective cross-site scripting. We demonstrated the scenario with TryHackMe Machine. This video is part of COMPTIA Pentest+ Pathway. youtube.com/watch?v=0X-9i…
πŸ‘︎ 27
πŸ“°︎ r/LiveOverflow
πŸ’¬︎
πŸ‘€︎ u/MotasemHa
πŸ“…︎ Nov 30 2020
🚨︎ report
ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. github.com/ajinabraham/OW…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/LinkDropper
πŸ“…︎ Dec 23 2020
🚨︎ report
MediaWiki bis 1.35.0 BlockLogFormatter.php translateBlockExpiry Cross Site Scripting phpsecure.info/go/177996.…
πŸ‘︎ 2
πŸ“°︎ r/phpAdvisories
πŸ’¬︎
πŸ‘€︎ u/tobozo
πŸ“…︎ Dec 19 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.