EXPLOITATION - XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

  • Allow an attacker to inject javascript code into the page.
  • The code is executed when the page loads.
  • The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS.

2. Reflected XSS.

3.DOM-based XSS

DISCOVERING XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    •   http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL
    •   http://target.com/page.php?something=<script>altert("XSS")</script>

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

Python Ethical Hacking - VULNERABILITY SCANNER(5)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(8)

    Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(6)

    EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. GitHub如何回滚代码?

    1.git log 查看commit hash值 执行git log:查看commit hash值. 2.执行git reset --hard xxxx xxxx表示的是commit hash 值. ...

  2. VUE+ELEMENT-UI的后台项目封装组件--查询form的封装

    最近项目打算重构,项目的模块几乎都是以后台查询展示的传统的增删改差模式,所以卑微的我想要自己封装一下查询form,先上效果图 子组件页面: <template> <div class ...

  3. Java二次复习笔记(1)

    Java二次复习笔记(1) Java采用的默认字符编码集是Unicode. byte=byte+byte报错,值为int,而byte+=byte不报错.同样short = short+short报错, ...

  4. WeChair项目Beta冲刺(7/10)

    团队项目进行情况 1.昨日进展    Beta冲刺第七天 昨日进展: 前后端并行开发,项目按照计划有条不絮进行 2.今日安排 前端:扫码占座功能和预约功能并行开发 后端:扫码占座后端逻辑开发,编码预约 ...

  5. 微信小程序-创建小程序页面

    QQ讨论群:785071190 创建页面 创建小程序页面非常简单,鼠标在需要创建页面的目录右击,可看到下图菜单,选择"Page"即可创建出一个页面. 输入页面名称,回车就可以创建出 ...

  6. vue学习第一天:v-bind的使用(让属性绑定变量)

    v-bind的使用 v-bind: 是vue中,提供用于绑定属性的指令  例: <input type="button" value="按钮" title ...

  7. Perl入门(四)Perl的正则表达式

    正则表达式是Perl语言的特色,基本的语法不是很难,但是编写一个符合需求.高效的正则表达式,还是有一些挑战的. Perl的三种匹配模式 1.查找 语法:m/正则表达式内容/; 作用:查找匹配内容中是否 ...

  8. ImageLoader在Listview中的使用

    图片加载框架之ImageLoader 1_特点 1)多线程下载图片,图片可以来源于网络,文件系统,项目文件夹assets中以及drawable中等 2)支持随意的配置ImageLoader,例如线程池 ...

  9. SpringMVC中Map、Model、ModelMap、ModelAndView之间的关系及区别

    首先,在了解这三者之前,需要知道一点:SpringMVC在调用方法前会创建一个隐含的数据模型(Model),作为模型数据的存储容器, 成为”隐含模型”. 如果controller方法的参数为Moedl ...

  10. php artisan migrate数据迁移报错

    laravel 5.4 改变了默认的数据库字符集,现在utf8mb4包括存储emojis支持.如果你运行MySQL v5.7.7或者更高版本,则不需要做任何事情. 当你试着在一些MariaDB或者一些 ...