Author Topic: XSS - How to find the exploits (Read 497 times)

650m · « **on:** October 18, 2014, 12:36:57 am »

Hi guys, I'm really new to this topic but it's interesting as hell
I read alot and I think I got the differences between the XSS types and how they work.

But I'm still confused how to reveal exploits where I can inject the script
I know that I need to look for user inputs but not exactly what to do with the URL to test the exploit

Especially Reflected XSS is interesting for me, but like I said, I have some troubles with testing if exploit work or not

I found the OWASP Cheat Sheet but this is overwhelming

M1lak0 · « **Reply #1 on:** October 18, 2014, 06:35:46 am »

https://evilzone.org/index.php?topic=16953

Check this.. Well there the 1st link is an example of reflected xss as I am seccessful in loading <script> tag which pops up with the database name.. Tough this is quite higher level of xss..
So i would say,
Index.php?id=bla

It depends on how the xss filters are implimented so you will only know after you try basic filters..

Index.php?id=bla<script>alert('xss')</script>

Check the source code how its working and where is the code you actually executed and based on that you have to craft the input in such a way that the above script runs..

I could have given you a better example but I am from tapatalk.. I'll surely give you as I bootup my system..

EvilZone

News:

Author Topic: XSS - How to find the exploits (Read 497 times)

650m

XSS - How to find the exploits

M1lak0

XSS - How to find the exploits