Vulns

Sites

https://www.exploit-db.com


Cross Site Scripting (XSS)

Malicious scripts are injected into otherwise trusted websites. The attacker uses a web application to deliver malicious code, generally in the form of a browser-side script, to a different end user, whose browser runs it with the site's privileges.

Try/learn XSS techniques: https://xss-game.appspot.com/

https://portswigger.net/web-security

https://medium.com/bugdecoder/google-xss-game-walkthrough-70d801dd922

Manual Testing

Common Check for XSS

- User input is directly included in the page without proper escaping

In any input field, enter <script>alert(1)</script> and check whether it is reflected into the page unescaped


Finding XSS vulnerabilities with "Big list of Naughty Strings"

https://github.com/minimaxir/big-list-of-naughty-strings

Clone or Download Zip

The blns.txt file is the only file we need

There are almost 1000 strings to test. Most have comments to help narrow down what to test for.


Web apps often keep user data in server-side and client-side databases and later display it to users.

- Try an element with a JavaScript event-handler attribute instead (this bypasses filters that only strip <script> tags)

<img src=a onerror=alert('XSS')>
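The reason the attribute variant is worth trying is that many "fixes" only strip <script> tags. The following is an added example (not from these notes) that puts a naive blacklist filter next to proper HTML output encoding and runs both over the two payloads above plus a benign string, the same loop you would run over blns.txt. The inputs are constructed here; containsActiveHtml is a rough heuristic written for this example, not a real parser.

```javascript
// A naive blacklist filter of the kind found in legacy code:
// it removes <script> tags and nothing else.
function naiveScriptFilter(input) {
  return String(input).replace(/<\s*\/?\s*script[^>]*>/gi, "");
}

// Output encoding for the HTML body context: every character that can
// open or close a tag or attribute is replaced by its entity, so the
// browser renders the input as text instead of parsing it as markup.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic check (example only): does the rendered string still contain a
// script element or a tag carrying an on* event-handler attribute?
function containsActiveHtml(rendered) {
  return /<script\b/i.test(rendered) || /<\w+[^>]*\son\w+\s*=/i.test(rendered);
}

// Given a list of test strings and a render function, return the strings
// that still reach the page as active HTML. This is the loop to run over
// the naughty-strings list against your own output encoding.
function survivors(inputs, render) {
  return inputs.filter((s) => containsActiveHtml(render(s)));
}

// Constructed sample inputs: the two payloads from the notes and a benign string.
const SAMPLES = [
  "<script>alert(1)</script>",
  "<img src=a onerror=alert('XSS')>",
  "Tom & Jerry <3",
];

// survivors(SAMPLES, naiveScriptFilter) -> ["<img src=a onerror=alert('XSS')>"]
// survivors(SAMPLES, escapeHtml)        -> []
```

To use it against the real list, read blns.txt with fs.readFileSync and split it on newlines in place of SAMPLES; any string returned by survivors is one your encoding does not handle in the HTML body context. Attribute and JavaScript contexts need their own encoders, which this example does not cover.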


Execution of script that arrives in input is sometimes hidden behind higher-level APIs that use one of these functions (sinks) under the hood.

https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/

https://blog.0daylabs.com/2019/02/24/learning-DomXSS-with-DomGoat/

Sinks are the places where untrusted data coming from the sources is actually executed, resulting in DOM XSS:
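An added example (not from these notes or the linked posts): a small lint-style scanner that flags lines of client-side JavaScript where a value read from an attacker-influenced source reaches a DOM XSS sink, including the case where the sink is hidden behind a higher-level API (jQuery's .html() is innerHTML under the hood). The source and sink lists are a common starting set chosen for this example, not a complete catalogue, and the taint tracking is deliberately simple: one assignment hop, one file, no dataflow analysis. The sample page code is constructed.

```javascript
// Attacker-influenced inputs to a page (a common starting set, chosen here).
const SOURCES = [
  "location.hash", "location.search", "location.href", "document.URL",
  "document.referrer", "window.name",
];

// Sinks: APIs that parse markup or execute code from the value they receive.
// The last entry shows a higher-level API hiding a sink.
const SINKS = [
  { pattern: /\.innerHTML\s*=/, name: "innerHTML" },
  { pattern: /\.outerHTML\s*=/, name: "outerHTML" },
  { pattern: /\binsertAdjacentHTML\s*\(/, name: "insertAdjacentHTML" },
  { pattern: /\bdocument\.write(ln)?\s*\(/, name: "document.write" },
  { pattern: /\beval\s*\(/, name: "eval" },
  { pattern: /\bsetTimeout\s*\(\s*["'`]/, name: "setTimeout(string)" },
  { pattern: /\.html\s*\(/, name: "jQuery .html() (innerHTML)" },
];

// First pass: variables declared directly from a source are treated as tainted.
function taintedNames(lines) {
  const names = new Set();
  for (const line of lines) {
    const m = line.match(/\b(?:const|let|var)\s+([A-Za-z_]\w*)\s*=/);
    if (m && SOURCES.some((s) => line.includes(s))) names.add(m[1]);
  }
  return names;
}

// Second pass: report every line where a source (or tainted variable)
// and a sink appear together. Returns an array of findings.
function findings(source) {
  const lines = source.split("\n");
  const tainted = taintedNames(lines);
  const out = [];
  lines.forEach((line, i) => {
    const src = SOURCES.find((s) => line.includes(s))
      || [...tainted].find((n) => new RegExp(`\\b${n}\\b`).test(line));
    if (!src) return;
    const sink = SINKS.find((s) => s.pattern.test(line));
    if (!sink) return;
    out.push({ line: i + 1, source: src, sink: sink.name, code: line.trim() });
  });
  return out;
}

// Constructed sample: a page that greets the user by a name taken from the URL.
// textContent takes text, not markup, so line 4 is the safe form of line 3.
const SAMPLE = `
const name = decodeURIComponent(location.hash.slice(1));
document.getElementById("greet").innerHTML = "Hello " + name;
document.getElementById("greet").textContent = "Hello " + name;
$("#greet").html("Hello " + location.search);
eval("track('" + document.referrer + "')");
`;

// findings(SAMPLE) reports lines 3 (innerHTML via tainted "name"),
// 5 (jQuery .html() with location.search) and 6 (eval with document.referrer).
```

The fix for each finding is the same as for reflected XSS: write untrusted data through an API that treats it as text (textContent, setAttribute for non-URL attributes, jQuery .text()) rather than one that parses it, and never pass it to eval or a string-based timer. A scanner this simple will miss values that pass through function calls or other files, so treat it as a triage aid, not proof of absence.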