EvilZone


XSS - How to find the exploits
650m, October 18, 2014, 12:36:57 AM
Hi guys, I'm really new to this topic but it's interesting as hell.
I read a lot and I think I got the differences between the XSS types and how they work.

But I'm still confused how to reveal exploits where I can inject the script.
I know that I need to look for user inputs but not exactly what to do with the URL to test the exploit.

Especially Reflected XSS is interesting for me, but like I said, I have some troubles with testing if the exploit works or not.

I found the OWASP Cheat Sheet but this is overwhelming.

XSS - How to find the exploits
M1lak0, October 18, 2014, 06:35:46 AM
https://evilzone.org/index.php?topic=16953

Check this.. Well, there the 1st link is an example of reflected XSS as I am successful in loading a <script> tag which pops up with the database name.. Though this is quite a higher level of XSS..
So I would say,
Index.php?id=bla

It depends on how the XSS filters are implemented, so you will only know after you try basic filters..

Index.php?id=bla<script>alert('xss')</script>

Check the source code, how it's working and where the code you actually executed is, and based on that you have to craft the input in such a way that the above script runs.. :)

I could have given you a better example but I am from Tapatalk.. I'll surely give you one as I boot up my system..
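
What "check the source code" shows for a reflected parameter, as an added example that is not part of the original posts: the same `id` value rendered by a handler that echoes it unchanged and by one that HTML-encodes it, with a check suitable for a regression test on your own handler. `TEMPLATE` and all function names are assumptions made for this sketch.

```python
import html
from html.parser import HTMLParser

# Constructed page template standing in for what index.php?id=... sends back.
TEMPLATE = "<html><body><p>Item: {id}</p></body></html>"

def render_vulnerable(id_param: str) -> str:
    """Reflects the parameter into the HTML body unchanged."""
    return TEMPLATE.format(id=id_param)

def render_hardened(id_param: str) -> str:
    """Encodes &, <, >, " and ' before reflecting into the HTML body."""
    return TEMPLATE.format(id=html.escape(id_param, quote=True))

class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page: str) -> list:
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags

def reflection_state(page: str, value: str) -> str:
    """Classify how `value` appears in the response source."""
    if value in page:
        return "raw"       # markup characters reached the page as markup
    if html.escape(value, quote=True) in page:
        return "encoded"   # shown as text, parsed as data
    return "absent"

# The input quoted in the reply above.
SAMPLE = "bla<script>alert('xss')</script>"

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        page = render(SAMPLE)
        print(render.__name__, reflection_state(page, SAMPLE), tags_in(page))
```

This covers reflection into an HTML element body only; a value reflected inside an attribute, a script block or a URL needs the encoding for that context.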