EXPLOITATION - XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

  • Allow an attacker to inject javascript code into the page.
  • The code is executed when the page loads.
  • The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS.

2. Reflected XSS.

3.DOM-based XSS

DISCOVERING XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    •   http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL
    •   http://target.com/page.php?something=<script>altert("XSS")</script>

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

Python Ethical Hacking - VULNERABILITY SCANNER(5)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(8)

    Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(6)

    EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. php 整数转罗马数字

    class Solution { /** * @param Integer $num * @return String */ function intToRoman($num) { $roman=[' ...

  2. navicat 出现 mysql远程连接问题 Lost connection to MySQL server at ‘reading initial communication packet', system error: 0

    今天做服务器上的东西需要看数据库时,突然发现有这个报错,然后自己也查了很多资料 我最后找到一个在my,cnf配置文件中mysqld下加入一条 max_allowed_packet = 500M 也就是 ...

  3. ORA-12514:监听程序无法识别

    使用plsql远程登录oracle数据库时,出现无法识别监听程序的错误.很大机率是配置文件出错. 配置文件如下: listener.ora是服务器端用的,oracle监听程序,就是读的这个文件,里面有 ...

  4. Redis设置并查看最大连接数

    在 Redis2.4 中,最大连接数是被直接硬编码在代码里面的,而在2.6版本中这个值变成可配置的. maxclients 的默认值是 10000,你也可以在 redis.conf 中对这个值进行修改 ...

  5. MongoDB入门三

    MongoDB字段问题  增删查改操作 删除一列操作db.RiderReaTimePositon.update({},{$unset:{'CreateTime':''}},false,true)db. ...

  6. Dysregulation of Exosome Cargo by Mutant Tau Expressed in Human-induced Pluripotent Stem Cell (iPSC) Neurons Revealed by Proteomics Analyses(蛋白质组学揭示了人诱导的多能干细胞(iPSC)神经元中表达的突变Tau对外泌体的失调) 解读人:梁玉婷

    期刊名:MCP 发表时间:(2020年4月) IF:4.828 单位:Skaggs School of Pharmacy and Pharmaceutical Sciences, University ...

  7. django 类视图的使用

    使用django框架也有挺长时间了,但是一直都没有用过django的类视图,因为之前跟着网上教程学习时,觉得类视图是进阶的知识,可能目前还达不到吧 但今天在做项目的时候用到了,感觉真的太方便了吧,而且 ...

  8. 六.url配置

    1.Django 如何处理一个请求 (1). django 加载 ROOT_URLCONF(settings.py中配置的) 指定的模块,并寻找可用的urlpatterns变量.它是 django.c ...

  9. hive如何获取当前时间

    在大多数的sql中获取当前时间都是用now()函数即可,hive获取当前时间的函数与sql 不一样 在impala中执行now()函数时是可以通过的 然而在hive中执行now()函数却报错: hiv ...

  10. Python3-在windows快速运行一个简单的本地 HTTP 服务器

    1.打开控制台2.python -m http.server