InfoSec

XSS DOM Exploitation

As in the previous post - this post expands on the process in which you send information entered into a webpage to an attacker hosted site. In this example you are exploiting a DOM based XSS vulnerability which means that the vulnerability is exploited entirely on the user/victim side (before interaction with the site/server). You… Continue reading XSS DOM Exploitation

Advertisements
InfoSec

Persistent XSS and how to really exploit it.

I've seen many tutorials over the last few months regarding the good old: alert('XSS') piece of XSS, but in essence this does very little for you - it just proves that the site is vulnerable to XSS. So a good way to really exploit and make use of a persistent XSS vulnerability is to do… Continue reading Persistent XSS and how to really exploit it.

InfoSec

DNS Subdomain Enumeration

Another great tool I recently came across is the subbrute tool. I know that dirb and dirbuster can help you enumerate the various paths for a URL/domain, but this tool lets you go the other way by discovering the subdomains. To install the tool on Kali: git clone https://github.com/TheRook/subbrute.git Then to run it you only… Continue reading DNS Subdomain Enumeration