EvilZone
Hacking and Security => Hacking and Security => : kenjoe41 December 20, 2015, 08:20:51 PM
-
To find XSS flaws we need to know where to look for it and how we can detect it. Where to look for it is as simple as complicated: all we need is to probe every input the application has.
We will do it using a probe string: a set of characters that we can look for it in source code in order to know if we can go further to inject a payload.
So let’s think about it: which is the most important single character for a XSS payload? As we are dealing with HTML, the most important is the identifier of a tag: the less than sign “<”.
Read up: http://ezl.ink/v (http://ezl.ink/v)