Cross Site Scripting (XSS)
Malicious scripts are injected into otherwise trusted websites: an attacker uses a web application to deliver malicious code, usually a browser-side script, to a different end user.
Try/learn XSS techniques: https://xss-game.appspot.com/
https://portswigger.net/web-security
https://medium.com/bugdecoder/google-xss-game-walkthrough-70d801dd922
Manual Testing
Common Check for XSS
- User input is directly included in the page without proper escaping
- In any input field, enter <script>alert(1)</script>
Finding XSS vulnerabilities with "Big list of Naughty Strings"
https://github.com/minimaxir/big-list-of-naughty-strings
Clone the repository or download the zip.
The blns.txt file is the only file needed.
There are almost 1000 strings to test. Most have comments that help narrow down what each one tests for.
Web apps often keep user data in server-side and client-side databases and later display it to users.
- Try an element with a JavaScript event-handler attribute instead:
<img src=a onerror=alert('XSS')>
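As an added example (not part of these notes), a small Node.js script that pairs the pattern from the check above, user input concatenated straight into HTML, with an HTML-encoded version, and turns the naughty-strings idea into an automated check: each test string is pushed through the rendering function and flagged if it comes back verbatim with its HTML metacharacters intact. The probe strings and the `renderUnsafe`/`renderSafe` functions are constructed for this example; in practice the lines of blns.txt supply the probes.

```javascript
// Added example, not from the original notes.
// Two ways of rendering a username into a page, plus a harness that feeds
// naughty strings through each and reports which ones survive unencoded.

// Vulnerable rendering: raw string concatenation into HTML (the pattern the
// "user input included without proper escaping" check looks for).
function renderUnsafe(username) {
  return `<p>Welcome, ${username}!</p>`;
}

// HTML-entity encode every character that has meaning in an HTML text or
// attribute context before interpolating it.
function escapeHtml(str) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  };
  return String(str).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// Hardened rendering: same template, encoded input.
function renderSafe(username) {
  return `<p>Welcome, ${escapeHtml(username)}!</p>`;
}

// Constructed probes standing in for lines of blns.txt. The first two are the
// payloads from the notes above; the third is a non-XSS string of the kind the
// list also contains; the last is a benign control value.
const PROBES = [
  '<script>alert(1)</script>',
  "<img src=a onerror=alert('XSS')>",
  "Robert'); DROP TABLE Students;--",
  'alice',
];

// True when the probe carries HTML metacharacters and the rendered page still
// contains it byte-for-byte, i.e. none of those characters were encoded.
function isReflectedRaw(render, probe) {
  return /[<>"'&`]/.test(probe) && render(probe).includes(probe);
}

// Returns the subset of probes that a renderer reflects unencoded.
function findUnescapedProbes(render, probes = PROBES) {
  return probes.filter((p) => isReflectedRaw(render, p));
}

// Human-readable summary for running the script directly.
function report(name, render) {
  const hits = findUnescapedProbes(render);
  return `${name}: ${hits.length} of ${PROBES.length} probes reflected raw` +
    (hits.length ? `\n  ${hits.join('\n  ')}` : '');
}

console.log(report('renderUnsafe', renderUnsafe));
console.log(report('renderSafe', renderSafe));
```

The check deliberately tests for verbatim reflection rather than for a popup: in a scripted run there is no browser to pop an alert, and "the metacharacters came back unencoded" is the condition that matters for the fix. Anything flagged by the harness is then confirmed by hand in the browser, as the notes describe.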
Script execution from input is sometimes hidden behind higher-level APIs that call one of the sink functions under the hood.
https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/
https://blog.0daylabs.com/2019/02/24/learning-DomXSS-with-DomGoat/
Sinks are the places where untrusted data coming from the sources is actually executed, resulting in DOM XSS:
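As an added example (not from these notes or the linked posts), a small Node.js scanner that applies the source-to-sink idea to client-side JavaScript: it records identifiers declared directly from a DOM XSS source, then flags any line where a source or a tainted identifier is fed into a sink, grouped by whether the sink parses HTML, executes script or navigates. The source and sink lists are the common ones assumed for this example rather than a complete catalogue, and the two snippets it scans are constructed, with `innerHTML` beside its `textContent` replacement.

```javascript
// Added example, not from the original notes.
// Pattern-based DOM XSS source/sink scanner. Source and sink lists are
// assumed for the example; both scanned snippets are constructed.

// Places attacker-controlled data enters a page.
const SOURCES = [
  'location.hash', 'location.search', 'location.href',
  'document.URL', 'document.referrer', 'window.name',
];

// Places that parse or execute whatever they are given, grouped by effect.
const SINKS = {
  html:   ['.innerHTML', '.outerHTML', 'document.write(', '.insertAdjacentHTML('],
  script: ['eval(', 'new Function(', 'setTimeout(', 'setInterval('],
  url:    ['location.href =', 'location.assign(', 'location.replace(', 'window.open('],
};

const wordRe = (id) => new RegExp(`\\b${id}\\b`);

// Pass 1: an identifier declared from a source (or from another tainted
// identifier) is itself treated as a source on later lines.
function taintedIdentifiers(lines) {
  const tainted = new Set();
  const decl = /\b(?:const|let|var)\s+([A-Za-z_]\w*)\s*=/;
  for (const line of lines) {
    const m = decl.exec(line);
    if (!m) continue;
    const rhs = line.slice(m.index + m[0].length);
    const fromSource = SOURCES.some((s) => rhs.includes(s));
    const fromTainted = [...tainted].some((t) => wordRe(t).test(rhs));
    if (fromSource || fromTainted) tainted.add(m[1]);
  }
  return tainted;
}

// Pass 2: for each sink on a line, look at what follows the sink token and
// report a finding if a source or tainted identifier appears there.
function scan(code) {
  const lines = code.split('\n');
  const tainted = taintedIdentifiers(lines);
  const results = [];
  lines.forEach((line, i) => {
    for (const [kind, sinks] of Object.entries(SINKS)) {
      for (const sink of sinks) {
        if (!line.includes(sink)) continue;
        const arg = line.slice(line.indexOf(sink) + sink.length);
        const source = SOURCES.find((s) => arg.includes(s))
          || [...tainted].find((t) => wordRe(t).test(arg));
        if (source) results.push({ line: i + 1, kind, sink, source });
      }
    }
  });
  return results;
}

// Constructed snippet: fragment identifier rendered as HTML, query parameter
// used as a redirect target.
const VULNERABLE = [
  "const name = decodeURIComponent(location.hash.slice(1));",
  "document.getElementById('greet').innerHTML = 'Hello ' + name;",
  "const next = new URLSearchParams(location.search).get('next');",
  "if (next) location.href = next;",
  "document.title = 'Welcome';",
].join('\n');

// Constructed hardened snippet: textContent never parses markup, and the
// redirect is restricted to same-origin relative paths before use.
const HARDENED = [
  "const name = decodeURIComponent(location.hash.slice(1));",
  "document.getElementById('greet').textContent = 'Hello ' + name;",
  "const next = new URLSearchParams(location.search).get('next');",
  "if (next && next.startsWith('/') && !next.startsWith('//')) location.href = next;",
  "document.title = 'Welcome';",
].join('\n');

function describe(label, code) {
  const found = scan(code);
  return `${label}: ${found.length} finding(s)` +
    found.map((f) => `\n  line ${f.line} [${f.kind}] ${f.source} -> ${f.sink.trim()}`).join('');
}

console.log(describe('vulnerable', VULNERABLE));
console.log(describe('hardened', HARDENED));
```

Note that the hardened snippet still produces one finding: a pattern scanner sees the tainted `next` reaching the `location.href =` sink but cannot evaluate the validation in front of it. That is the intended division of labour, as the scanner narrows the code down to candidate flows, and confirming whether each one is actually exploitable is the manual step described in the DOMGoat and brutelogic posts linked above.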