The browser prevents clicking on links with XSS. How to bypass blocking?

S

Sazoks2018-10-27 12:47:44

JavaScript

Sazoks, 2018-10-27 12:47:44

Hi everybody. I recently found a site vulnerable to xss, I'm not strong in this matter, but on "/><""/><script>alert("admin, remove xss!")script> I had enough brains ...
So. I entered it into the search fields on the site, it works. Of course, I reported this to the support.
Although something tells me that they will not even read it .... Because at first glance this site is a testing ground for XSS
. so I copy a link like http://_site_name_/index.php?q= "/><""/><script>alert("admin, remove xss!");script>, then I click on it and nothing! Browsers, even IE! blocks and sees scripting. What to do?
Oh yes, I'm only interested in broadening my horizons!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

sim3x, 2018-10-27
@sim3x

https://stackoverflow.com/questions/12926997/how-t...
https://stackoverflow.com/questions/17679399/does-...

chrome.exe --disable-web-security --user-data-dir=c:\my\dat

D

David, 2019-08-29
@dordyan

Hey! Indeed, a special engine is responsible for checking XSS links in browsers. In Chrome, it is the most serious and is called XSS-Auditor.
There are special forms of XSS to bypass it.
Current bypasses for Chrome can be found here: https : //github.com/EdOverflow/bugbounty-cheatsheet...