Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nikolai Antonov2015-06-08 01:08:29
JavaScript
Nikolai Antonov, 2015-06-08 01:08:29

Is the xss me plugin the best option for testing xss attacks?

Or are there other ways to test a site for vulnerabilities that are more accurate and professional?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
6
65536, 2015-06-08
@65536

it seems that it is not. it does not see forms that work on scripts, that is, on inputs outside the form tag and buttons with hung events. I'm also interested, but theoretically I don't see any universal way. if the form submission is organized in a non-standard way (form tag, post method, etc.), then it can be organized in any way, and this must be manually studied, where what is sent and what answers. if we are talking about your site, then you can issue a secret one-time token to each instance of the form, this is not ideal, but you can hack the automatic swotting to malefactors

Similar questions
R
Rain Summers2015-04-07 12:24:11
phpstorm. How to disable non-disabled "Inspections: cannot resolve file"? 5Reply
V
Vladimir Kapalev2021-03-27 10:25:24
Which program to batch replace text from a list from a file using regular expressions? 3Reply
X
xmoonlight2019-09-11 19:35:03
Development of OS update policy ideology: is it necessary and how often? 4Reply
D
DKQ2017-04-13 19:09:21
How and when is super admin created, are registrations divided into user types? 3Reply
I
Ilya Myasin2017-04-19 17:26:13
Why are there duplicate letters in the output of shell_exec('man whoami') on os x? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question