Marduk_James Feb 5, 2024

Learning about template literals!

https://medium.com/@marduk.i.am/reflected-xss-into-a-template-literal-with-angle-brackets-single-double-quotes-backslash-and-d5cf41f25b02

#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #reflectedxss

Marduk_James Feb 1, 2024

Another one!

https://medium.com/@marduk.i.am/reflected-xss-into-a-javascript-string-with-angle-brackets-and-double-quotes-html-encoded-and-3e43059d901b

#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #reflectedxss

Reflected XSS into a JavaScript String with Angle Brackets and Double Quotes HTML-Encoded and Single Quotes Escaped

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double quotes are HTML encoded and single quotes are escaped. To…

Medium
Marduk_James Jan 30, 2024

This is a pretty quick one. Check it out.

https://medium.com/@marduk.i.am/reflected-xss-into-a-javascript-string-with-single-quote-and-backslash-escaped-ba435167b43f

#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #reflectedxss

Marduk_James Jan 29, 2024

Fun one learning about canonical links.

https://medium.com/@marduk.i.am/reflected-xss-in-canonical-link-tag-64c9719fc6ad

#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #reflectedxss

Reflected XSS in canonical link tag - Marduk I Am - Medium

To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function. To assist with your exploit, you can assume that the simulated user…

Medium
Marduk_James Jan 28, 2024

My latest write-up!

https://medium.com/@marduk.i.am/reflected-xss-with-some-svg-markup-allowed-10d198692208

#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #reflectedxss

Reflected XSS with some SVG markup allowed - Marduk I Am - Medium

Lab description: This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events. To solve the lab, perform a cross-site scripting attack that…

Medium
0xberserkrSep 30, 2023
Cross-site Scripting - I have just completed this room! Check it out: https://tryhackme.com/room/xss #tryhackme #XSS #Cross-SiteScripting #DOM #ReflectedXSS #StoredXSS #BlindXSS #Polyglot #xss via @RealTryHackMe
#infosec #hacking
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe
OPSEC Cybersecurity News LiveMar 20, 2023
XSS bypass in url

https://security.stackexchange.com/questions/269219/xss-bypass-in-url

#reflectedxss #bugbounty #xss
XSS bypass in url

I have a website https://bugbounty.com/test/"injection inside js" , But " is escaped with \ and i m trying inject </script><script>alert() but https://bugbounty.com/test/...

Information Security Stack Exchange
OPSEC Cybersecurity News LiveMar 8, 2023
My XSS payload is not executing

https://security.stackexchange.com/questions/268975/my-xss-payload-is-not-executing

#reflectedxss #javascript #xss
My XSS payload is not executing

After many attempts I managed to bypass the filters with this payload: &lt;script&gt;alert(5)&lt;/script> I got this response As you can see, the payload is correctly written but it ...

Information Security Stack Exchange
OPSEC Cybersecurity News LiveJan 29, 2023
Why do you think this code isn't firing?

https://security.stackexchange.com/questions/268044/why-do-you-think-this-code-isnt-firing

#reflectedxss #xss
Why do you think this code isn't firing?

I don't have a lot of knowledge about xss so im kinda confused, why this is not popping up an alert box?

Information Security Stack Exchange
OPSEC Cybersecurity News LiveJan 15, 2023
Jsoup XSS attack with URL encoded input

https://security.stackexchange.com/questions/267738/jsoup-xss-attack-with-url-encoded-input

#springframework #reflectedxss #java #xss
Jsoup XSS attack with URL encoded input

I'm having a Spring Web Application that exposes REST APIs. I have implemented XSS filter using Jsoup that strips the input using Safelist.NONE. The penetration testing team raised a concern where ...

Information Security Stack Exchange