Shikata Ga Nai

XSS

Last updated 4 years ago

You can check an input field with these symbols: [ < > ' " { } ; ]. If they are not removed or encoded, the field might be vulnerable to XSS.
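The check above can be automated against your own application's output. The following is an added example, not code from the original page; `buildProbe`, `classifyReflection`, `encodeHtml`, the `zqx` token and both sample responses are constructed for illustration.

```javascript
// Symbols from the page's input-field check.
const SYMBOLS = ['<', '>', "'", '"', '{', '}', ';'];

// Entity spellings accepted as "encoded" (lower-cased before comparison).
const ENCODED = {
  '<': ['&lt;', '&#60;', '&#x3c;'],
  '>': ['&gt;', '&#62;', '&#x3e;'],
  "'": ['&#39;', '&#x27;', '&apos;'],
  '"': ['&quot;', '&#34;', '&#x22;'],
  '{': ['&#123;', '&#x7b;'],
  '}': ['&#125;', '&#x7d;'],
  ';': ['&#59;', '&#x3b;'],
};

// Build a probe where every symbol sits between two unique alphanumeric
// delimiters, so its fate can be read back from the response unambiguously.
function buildProbe(token) {
  return SYMBOLS.map((s, i) => `${token}${i}${s}`).join('') + `${token}${SYMBOLS.length}`;
}

// Report, per symbol, whether the response shows it raw, encoded or removed.
function classifyReflection(html, token) {
  const result = {};
  SYMBOLS.forEach((sym, i) => {
    const open = `${token}${i}`;
    const start = html.indexOf(open);
    const end = start < 0 ? -1 : html.indexOf(`${token}${i + 1}`, start + open.length);
    if (end < 0) { result[sym] = 'not reflected'; return; }
    const seen = html.slice(start + open.length, end);
    if (seen === sym) result[sym] = 'raw';
    else if (seen === '') result[sym] = 'removed';
    else if (ENCODED[sym].includes(seen.toLowerCase())) result[sym] = 'encoded';
    else result[sym] = 'other';
  });
  return result;
}

// Minimal HTML-body encoder used for the "fixed" sample below.
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample responses: one echoes the input raw, one encodes it.
const probe = buildProbe('zqx');
const rawPage = `<p>Results for ${probe}</p>`;
const safePage = `<p>Results for ${encodeHtml(probe)}</p>`;
console.log(classifyReflection(rawPage, 'zqx'));
console.log(classifyReflection(safePage, 'zqx'));
```

In the encoded sample `{`, `}` and `;` still come back raw: that is harmless in an HTML text node, but it matters when the value is placed inside a script block or a client-side template.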

XSS Types

  • Stored XSS [Persistent XSS] occurs when the injection is stored and displayed to everyone.

  • Reflected XSS occurs when the payload comes from an outside source, like a link or request.

  • DOM-based XSS happens within the page's DOM.

Injection Methods

Iframe Injection

Example:

Every user who visits the site will send us a request!