Questions tagged [reflected-xss]
84 questions
1
vote
1 answer
Reflected XSS monitoring
There is a lot of information on how to avoid or detect XSS, but I couldn't find much information on how to monitor for reflected XSS. Is there a way to automatically detect reflected XSS in my application's logs?
My guess is that we can run a…
![](../../users/profiles/241174.webp)
vybiar
- 11
- 1
1
vote
1 answer
Demonstrating reflected XSS with GET Parameter and URL encoding
A client is developing a website which is vulnerable to reflected XSS through a GET parameter:
https://example.com/vulnerable-url?")||true)alert("XSS");
I would like to demonstrate this vulnerability by providing a link like the above but…
![](../../users/profiles/116126.webp)
user1330734
- 389
- 7
- 16
1
vote
0 answers
CSS Injection without colon
I'm looking for a way to create a CSS injection proof-of-concept. I can insert the following and it gets reflected in the browser:
The only issue is that the colon gets URL encoded, which prevents the css…
![](../../users/profiles/198399.webp)
br0wnrice
- 11
- 2
1
vote
2 answers
What are the common features to identify XSS attack from Apache log file?
I have tried some XSS vulnerability on web application such as webgoat, OWASP mutillidae, bWAPP. I want to know the features/keywords/footprints of cross site scripting attack in apache log file and from these footprints, it is possible to identify…
![](../../users/profiles/194698.webp)
Shree
- 151
- 1
- 7
1
vote
1 answer
How can I steal all cookies from reflected XSS?
I just found a website with a XSS vulnerability. When I visit the following URL, a pop up occurs:
https://example.com/article/HALLOWEEN">
I have a cookielogger.php on my server with this code, so that when I visit…
![](../../users/profiles/187126.webp)
Yosua Kristanto
- 11
- 1
- 2
1
vote
2 answers
XSS with URL encoding
If a website URL gets encoded then is the website still vulnerable to XSS or no?
For example, if I try and the site URL encodes my payload to %3Cscript%3Ealert(1)%3C%2Fscript%3E does this mean the site is vulnerable to XSS…
![](../../users/profiles/181701.webp)
Rifat Shommo
- 51
- 1
- 1
- 4
1
vote
2 answers
Why is unsanitized output from ajax request bad?
I know what I just described is a reflected XSS vulnerability. What I can't figure out is why it is a vulnerability. Because the way I see it, a user can't be directed to the attacker's content because the AJAX is executed without a page refresh or…
![](../../users/profiles/131396.webp)
Adam McGurk
- 73
- 8
1
vote
1 answer
How to bypass response Location in order to obtain content XSS?
In some basic steps:
POST Request containing a photo with multipart/form-data.
HTTP/1.1 302 Found respond with redirect back to formular
Redirect to initial formular.
In case 1 we are able to control the filename allowing us to use any kind of…
![](../../users/profiles/98652.webp)
Lucian Nitescu
- 1,802
- 1
- 13
- 27
1
vote
0 answers
xsser fails to find easy XSS vulnerability (Web For Pentester)
I tried to evaluate the effectivity of xsser (http://xsser.03c8.net) by letting it run against the "Web For Pentester" XSS tests (https://pentesterlab.com/exercises/web_for_pentester/course) is it implements very easy exploitable XSS vulnerabilities…
![](../../users/profiles/171473.webp)
user1192748
- 273
- 1
- 8
1
vote
2 answers
Is all reflected XSS bad?
I stumbled on a site today that was vulnerable to XSS. I was able to get an alert box to display via an input box and some JavaScript. I was about to report this to the site owner, but I realized there were no queries in the URL and this attack…
![](../../users/profiles/156397.webp)
Guest123
- 11
- 1
0
votes
2 answers
Why is an XSS payload in the address bar executed?
I was playing with OWASP Mutillidae II and in one page I've found a vulnerability. In the address bar I've wrote something like this:
127.0.0.1/.../?page=text-file-viewer.php/">
The alert box pops up, but I don't…
![](../../users/profiles/42544.webp)
malloc
- 854
- 1
- 9
- 11
0
votes
1 answer
Reflected DOM XSS Portswigger Lab
I'm a total beginner and im trying to solve Portswigger Academy labs. I'm studying on XSS right now and im stuck in somewhere.
Lab Details:This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side…
![](../../users/profiles/281985.webp)
kgngkbyrk
- 3
- 1
0
votes
1 answer
XSS payload to Send request to server without closing tag
I was testing a website which does not have XSS in their scope. So I thought it would be a good idea to escalate XSS to a bug which is valid. I need to make a request to my server but the problem is closing tag > or forward slashes / are escaped but…
![](../../users/profiles/281734.webp)
ShellyShubh Dev
- 3
- 2
0
votes
1 answer
Is it possible to get xss in json body request?
I was doing a VAPT assessment in which I see some JSON body in the request which has orgid deviceid
So there any possibility to get XSS in json body?
![](../../users/profiles/279671.webp)
B3ingN00b
- 3
- 2