Topic Information

Introduction to Cross-site Scripting by apple502j in Advanced Topics

Posts: 7

1: apple502j wrote at 4:58:23 AM 15/9/20204418985
XSS (cross-site scripting) is a bug, allowing JavaScript execution.

How do I XSS?
First, you need to find an input that allows HTML characters - I chose scratchsig tag. Next, you need to make script to execute. alert(document.domain) is commonly used.

There are 3 types of XSS: Stored XSS stores crafted content, Reflected XSS uses crafted payload from URL, and DOM XSS is a XSS that happens in the browser, instead of the server.

There are two ways of doing this. script tag is useful for Stored and Reflected XSS:
<script>alert(document.domain)</script>

You can also use onerror, which is used for Reflected and DOM XSS:
<img src onerror="alert(document.domain)">

wip
2: apple502j wrote at 5:02:19 AM 15/9/20204418987
{“user”:{“pk”:“test\” onerror=\“alert(1)\” data-test=\“”}}
3: Jeffalo wrote at 6:37:06 AM 15/9/20204419069
thanks now i hacked google and im millonare
4: ElsieBreeze wrote at 6:58:47 AM 15/9/20204419106

Jeffalo wrote:

thanks now i hacked google and im millonare
I sent 1 request per second to a library and now the police are after me help.
5: CatsUnited wrote at 8:18:30 AM 15/9/20204419195
I was planning on adding a feature to my post count thing where you could add a custom title to yourself just by putting it into your About Me, but because I used innerHTML to apply that particular text onto the page like an amateur (I hadn't done it elsewhere idthink) I didn't add that feature because that would be a big XSS moment and I didn't feel like rewriting that part of the code lol
6: --Explosion-- wrote at 12:14:04 PM 15/9/20204419490

Jeffalo wrote:

thanks now i hacked google and im millonare
-_-
7: EpicGhoul993 wrote at 12:31:25 PM 15/9/20204419532

Jeffalo wrote:

thanks now i hacked google and im millonare
Congrats lol