Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nikolai Antonov2015-06-08 01:08:29
JavaScript
Nikolai Antonov, 2015-06-08 01:08:29

Is the xss me plugin the best option for testing xss attacks?

Or are there other ways to test a site for vulnerabilities that are more accurate and professional?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
6
65536, 2015-06-08
@65536

it seems that it is not. it does not see forms that work on scripts, that is, on inputs outside the form tag and buttons with hung events. I'm also interested, but theoretically I don't see any universal way. if the form submission is organized in a non-standard way (form tag, post method, etc.), then it can be organized in any way, and this must be manually studied, where what is sent and what answers. if we are talking about your site, then you can issue a secret one-time token to each instance of the form, this is not ideal, but you can hack the automatic swotting to malefactors

Similar questions
N
Nikolino2018-11-04 21:04:18
Why low FPS on Ubuntu 16.04 VM? 3Reply
V
Vasiliy2015-03-22 17:23:49
JSLint good or bad!??? 3Reply
N
NikitaSova2020-09-16 09:01:55
How to solve error CS0120? 3Reply
S
Sergey Minakov2019-08-29 16:12:31
How to find out how much RAM a subprocess has used? 1Reply
V
Vell122016-06-19 01:04:52
How to make such a line at the top of the site? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question