Exploit XSS: Bypass HTMLEncode()

Feb 10, 14

Posted by in Application Security, XSS

In a previous post, I described how to detect and exploit a basic cross site scripting (XSS) vulnerability. The vulnerability demonstrated there was not protected by any mechanism. This article will demonstrate exploiting the same vulnerability when it is protected by HTMLEncode() as opposed to HTMLAttributeEncode() as described...


Find and Exploit Cross Site Scripting (XSS) Flaws

Feb 10, 14

Posted by in Application Security, Research, XSS

How to Find and Exploit Cross Site Scripting (XSS) Vulnerabilities. In a previous post, How to Prevent Cross Site Scripting, I explain how to prevent Cross Site Scripting (XSS) issues. This article will demonstrate a simple approach to identifying and exploiting cross site scripting vulnerabilities. Meet our target. I am using an old...


How to Prevent Cross Site Scripting (XSS)

Jan 31, 14

Posted by in Application Security

Cross Site Scripting (XSS): Brief History. Cross Site Scripting (XSS) is a common issue that plagues many web applications; check out xssed for a frame of reference. The most widely seen form is called reflective cross site scripting (XSS). This is when user-supplied data is submitted to an application and the data is reflected back...
