EXPLOITATION - XSS VULNS

XSS - CROSS SITE SCRIPTING VULNS

  • Allow an attacker to inject javascript code into the page.
  • The code is executed when the page loads.
  • The code is executed on the client machine, not the server.

Three main types:

1. Persistent/Stored XSS.

2. Reflected XSS.

3.DOM-based XSS

DISCOVERING XSS

  • Try to inject javascript code into the pages.
  • Test text boxes and URL parameters on the form
    •   http://target.com/page.php?something=something

REFLECTED XSS

  • None persistent, not stored.
  • Only work if the target visits a specially crafted URL
    •   http://target.com/page.php?something=<script>altert("XSS")</script>

STORED XSS

  • Persistent, stored on the page or DB.
  • The injected code is executed every time the page is loaded.

Python Ethical Hacking - VULNERABILITY SCANNER(5)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(8)

    Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(6)

    EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. ODBC 常见数据源配置整理

    目录 1. 简介 1.1 ODBC和JDBC 1.2 ODBC配置工具 1.3 ODBC 数据源连接配置 2. MySQL 数据源配置 2.1 配置步骤 2.2 链接参数配置 3. SQLServer ...

  2. Spring中的JDBC API

    1 JdbcTemplate的诞生 JDBC作为Java平台访问关系数据库的标准API,其成功是有目共睹的.为了避免在JDBC API在使用中的种种尴尬局面(几乎程式一样的代码,繁琐的异常处理),Sp ...

  3. 入门大数据---Flink核心概念综述

    一.Flink 简介 Apache Flink 诞生于柏林工业大学的一个研究性项目,原名 StratoSphere .2014 年,由 StratoSphere 项目孵化出 Flink,并于同年捐赠 ...

  4. Buy a Ticket 【最短路】

    题目 Musicians of a popular band "Flayer" have announced that they are going to "make t ...

  5. 【UVA11383】 Golden Tiger Claw 【二分图KM算法(板子)】

    题目 题目传送门:https://www.luogu.com.cn/problem/UVA11383 分析 最近刚刚学了二分图,然后来了一个这样的题,看完题意之后,稍微想一想就能想出来是一个二分图,然 ...

  6. 《UNIX环境高级编程》(APUE) 笔记系列

    本系列笔记主要是对于 <UNIX环境高级编程>(APUE) 各章节内容 概念性的总结 ,不涉及代码解读 . 目录 : 第一章 UNIX基础知识 第二章 UNIX标准及实现 第三章 文件I/ ...

  7. 《UNIX环境高级编程》(APUE) 笔记第三章 - 文件I/O

    3 - 文件I/O Github 地址 1. 文件描述符 对于内核而言,所有打开的文件都通过 文件描述符 (file descriptor) 引用.当打开一个现有文件或创建一个新文件时,内核向进程返回 ...

  8. PE文件格式详解(八)

    0x00 前言 前面了解了PE文件的输入和输出,今天来看看另一个重要的结构——资源.资源结构是很典型的树形结构,层层查找,最终找到资源位置. 0x01 资源结构介绍 Windows程序的各种界面成为资 ...

  9. 在Linux上部署jmeter

    一.服务器安装jmeter 1.将安装文件上传到Linux服务器 通过xshell文件上传工具,将文件 “apache-jmeter-5.1.1.tgz”上传 2.在服务器解压缩“apache-jme ...

  10. 攻防世界FlatScience

    访问robots.txt发现 admin.php和login.php 在admin.php和login.php分别尝试注入 发现login.php页面存在注入,并且根据报错得知数据库类型为sqlite ...