XSS DOM Exploitation

As in the previous post - this post expands on the process in which you send information entered into a webpage to an attacker hosted site. In this example you are exploiting a DOM based XSS vulnerability which means that the vulnerability is exploited entirely on the user/victim side (before interaction with the site/server). You … Continue reading XSS DOM Exploitation


Persistent XSS and how to really exploit it.

I've seen many tutorials over the last few months regarding the good old: alert('XSS') piece of XSS, but in essence this does very little for you - it just proves that the site is vulnerable to XSS. So a good way to really exploit and make use of a persistent XSS vulnerability is to do … Continue reading Persistent XSS and how to really exploit it.