Questions tagged [reflected-xss]
84 questions
35 votes, 8 answers
Is reflected XSS still relevant today?
I've been learning more about XSS (for the unfamiliar, Excess XSS is a great resource). I opted to get my hands dirty and give Reflected XSS a try on a local environment. I set up a very simple vulnerable PHP page running on Apache2 which takes a…
Gigi
11 votes, 1 answer
How to report a vulnerability in a site that wants to call the FBI?
I was browsing a site recently that looked like it had been designed in 2000. However, this site has a good Alexa rank and a fairly active online community. For the protection of the site, I will not give specific details about the site.
I found a…
user175564
7 votes, 2 answers
Bypassing browsers URL encoding to do reflected XSS from query parameter?
I tried to get reflected XSS in a vulnerable website with a request to the following URL:
https://vulnerable.website/dir/dir?param1=test">
Tarek Zidan
7 votes, 2 answers
XSS inside anchor tag (<a>) without user interaction?
Is it possible to inject a payload inside <a> tag such that the script runs without user interaction?
The injection is inside the href attribute. I can inject onmouseover or onclick attributes, but user interaction is required.
The onfocus and…
Gari BN
6 votes, 1 answer
What was the real reason for dropping reflected-xss directive from CSP?
There were two response headers which could be set by servers to instruct browsers to enable heuristics-based reflected XSS detection and prevention in the past.
X-XSS-Protection: 1; mode=block
Content-Security-Policy: reflected-xss
X-XSS…
hax
6 votes, 1 answer
XSS in textarea when < and > are not allowed?
I am trying to perform XSS on the injection point marked with XXXX here:
…
Lucian Nitescu
5 votes, 3 answers
Is non-executed content still considered XSS?
I'm working through an OWASP Zap report that has flagged several URLs on the domain as being vulnerable to XSS, but the vulnerability is never output in a context that is executable by the browser. For instance, the report is showing…
Noah Heck
5 votes, 3 answers
Is this code vulnerable to Reflected XSS?
I'm doing a pentest and came by this code:
(function() {
var subdomain = (function() {
var query = /[?&]css=([^&#]*)/i.exec(window.location.search);
if(query) {
return query[1];
}
…
Sam
4 votes, 3 answers
Reflected XSS in a JavaScript URL with some characters blocked
I am new to the field of Web Security and am practising labs from Portswigger Web Security Academy. In this lab, we have to call the alert function with 1337 as the parameter.
The solution given on the website is…
positron
4 votes, 1 answer
Why do the following XSS vectors work without a closing bracket?
The following XSS injections will execute without the accompanying closing tag (see this demo):
Y M
4 votes, 1 answer
How to perform XSS in hidden HTML input fields using accesskey?
I am trying to insert an XSS payload into a hidden HTML input field. I know it works with a script tag like below, but I am looking for other alternatives.
" />
I found this…
viharika
4 votes, 1 answer
XSS - double quote and backslash escaping
I'm currently testing my own XSS filter and don't know if I thought everything through, so I need some advice.
Let's say my code looks like this:
In this…
Evo_x
4 votes, 1 answer
Impact of the response content-type on the exploitability of XSS
I've come across an API of a web application I'm testing, which reflects with unescaped, unencoded, user-controlled data for some requests. However, the response includes the header Content-Type: application/json;charset=UTF-8.
The response body is…
SaAtomic
3 votes, 2 answers
Further exploit self XSS
I'm pentesting a client's website and found a self XSS vulnerability in the login page: in case of a login error the error page shows the username, so if you input as User, it shows the alert box.
However, it's probably…
Opera of the Phantom
3 votes, 1 answer
Is an XSS via Cross-Site File Upload (CSFU) practically exploitable?
I came across a very interesting case:
The user uploads a file
The file contains
The web app shows the file's content to the user -> the XSS payload is executed
The file is not stored in any way, shape or form (forget…
Cob013