This forum is in archive mode. You will not be able to post new content.

Author Topic: XSS - How to find the exploits  (Read 522 times)

0 Members and 1 Guest are viewing this topic.

Offline 650m

  • /dev/null
  • *
  • Posts: 10
  • Cookies: -2
    • View Profile
XSS - How to find the exploits
« on: October 18, 2014, 12:36:57 AM »
Hi guys, I'm really new to this topic but it's interesting as hell
I read alot and I think I got the differences between the XSS types and how they work.

But I'm still confused how to reveal exploits where I can inject the script
I know that I need to look for user inputs but not exactly what to do with the URL to test the exploit

Especially Reflected XSS is interesting for me, but like I said, I have some troubles with testing if exploit work or not

I found the OWASP Cheat Sheet but this is overwhelming 

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
XSS - How to find the exploits
« Reply #1 on: October 18, 2014, 06:35:46 AM »

Check this.. Well there the 1st link is an example of reflected xss as I am seccessful in loading <script> tag which pops up with the database name.. Tough this is quite higher level of xss..
So i would say,

It depends on how the xss filters are implimented so you will only know after you try basic filters..


Check the source code how its working and where is the code you actually executed and based on that you have to craft the input in such a way that the above script runs.. :)

I could have given you a better example but I am from tapatalk.. I'll surely give you as I bootup my system..
« Last Edit: October 18, 2014, 06:38:16 AM by M1lak0 »
"Security is just an illusion"


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.