Search the Community

Showing results for tags 'xss'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Premium Accounts
  • Modders Section
  • PRIV8-Section
  • Cracking Zone PRIV8
  • Carding Zone PRIV8

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 53 results

  1. How to easily find Reflected XSS vulnerabilities! [Hidden Content]
  2. itsMe

    NoXss - A xss scanner

    NoXss NoXss is a xss scanner, include reflected xss and dom-based xss.It can scan a single url or many urls from text file,also support to scan traffic from burpsuite.It has found some xss vulnerabilities in Bug Bounty program. Features Multi-process Async request(use gevent) Support Dom-based xss(use browser) and reflected xss Support single url,file and traffic from Burpsuite Traffic filter based on interface Support speicial headers(referer,cookie,customized token,e.g.) Support rescan quickly by id [HIDE][Hidden Content]]
  3. 0x1

    HackBar V2

    Firefox Extension of HackBar without license A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar. How to use Press F12 to open hackbar Feature Load, split, execute url from address bar. Custom/add referrer url, User Agent, cookie. Tools: md5, sha1, sha256, rot13 encryption, url, base64 encoding, beautifier json data, sql, xss features. Shortcut Ctrl + Enter to execute FOREVER FREE Download && Code Source [Hidden Content]
  4. 0x1

    JSONBee

    A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found Here [Hidden Content] What is JSONBee ? The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url name (i.e. [Hidden Content]), parses the CSP (Content-Security-Policy), and automatically suggest the XSS payload that would bypass the CSP. It mainly focuses on JSONP endpoints gathered during my bug bounty hunting activities, and could be used to bypass the CSP. JSONBee relies on 3 methods to gather the JSONP endpoints: The repository within this project; Google dorks; Internet archive (archive[.]org). The tool is not yet fully completed as I'm still adding some validations and features too. However, the repository will be hosted here so that anyone can use it till the tool is ready. The repo contains ready-to-use payloads that can bypass CSP for Facebook[.]com, Google[.]com and more. Bypasing Facebook.com Content-Security policy: Facebook.com allows *.google[.]com in its CSP policy (script-src directive), thus, below payload would work like a charm to execute JavaScript on Facebook[.]com: "><script+src="[Hidden Content]"></script> If you came across a website that trusts any of the domains in jsonp.txt file in its script-src directive, then pickup a payload that matches the domain and have fun How can you help? You are all welcome to contribute by adding links to sites that uses JSONP endpoins/callbacks to make the repo bigger and more usefull for bug hunters, pentesters, and security researchers. Download [Hidden Content]
  5. WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  6. Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is a Hacktoberfest Project! If you are looking for a place to make contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. [HIDE][Hidden Content]]
  7. ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution. View the full article
  8. Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. View the full article
  9. 0x1

    Traxss

    Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is a Hacktoberfest Project! If you are looking for a place to make contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. Getting Started Prerequisites Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command: brew install cask chromedriver Installation Run the command: pip3 install -r requirements.txt Running Traxss Traxx can be started with the command: python3 traxss.py This will launch an interactive CLI to guide you through the process. Types of Scans Full Scan w/ HTML Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta). Full Scan w/o HTML This scan will run the query scan only. Fast Scan w/ HTML This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors. Fast Scan w/o HTML This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors. More info && Download [Hidden Content]
  10. Thailand Union Library Management version 6.2 suffers from cross site scripting and remote SQL injection vulnerabilities. View the full article
  11. 0x1

    Block Alert XSS

    Blocked Window Alert - Prompt - Confirm - Open XSS && block function Window.Console To deblock make var DEBUG = true if i have forget some function you can add here on Comment Thanks [Hidden Content] Tested on my Blog: [hide][Hidden Content]] Reference : [hide][Hidden Content]]
  12. [Hidden Content]
  13. XSpear - Powerfull XSS Scanning And Parameter Analysis Tool Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...) Dynamic/Static Analysis Find SQL Error pattern Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. ) Analysis Other headers..(Server version, Content-Type, etc...) Scanning from Raw file(Burp suite, ZAP Request) XSpear running on ruby code(with Gem library) Show table base cli-report and filtered rule, testing raw query(url) Testing at selected parameters Support output format cli json cli: summary, filtered rule(params), Raw Query Support Verbose level (quit / nomal / raw data) Support custom callback code to any test various attack vectors [HIDE][Hidden Content]]
  14. D-Link 6600-AP suffers from cross site scripting, key extraction, shell escape, config file disclosure, and denial of service vulnerabilities. View the full article
  15. [Hidden Content]
  16. XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads. XSS Fuzzer is a generic tool that can be useful for multiple purposes, including: Finding new XSS vectors, for any browser Testing XSS payloads on GET and POST parameters Bypassing XSS Auditors in the browser Bypassing web application firewalls Exploiting HTML whitelist features [HIDE][Hidden Content]]
  17. Credits: hakluke [Hidden Content]
  18. ZeroDayF34r

    XSS

    Buenas señ@res, tengo un pequeño problema, con la busqueda de subdominios y queria saber las herramientas que utilizan para esto, pues yo uso Sublist3r, masscan ademas de nmap, mucho mas rapido y mejor y mas masdns para los dns, ahora estoy mirando [Hidden Content]. Tambien estaba mirando HostileSubBruteforcer, para compaginar con knock. Pues estaba usando Sublist3r, masscan, y masdns, que creo son las que utiliza casi todo el mundo, pero habiendo tantas, pues me gustaria compartir y saber cuales son las que utilizan ustedes. curl, nc, etc etc............................y burp, son con las que estoy haciendo las pruebas. netcat, tambien llamada la navaja suiza de los hackers, en sus tiempos, me da mucho juego, y bueno, ya saben. Estoy dispuesto a compartir informacion con quien la comparta conmigo, pues ahora mismo lo que me sobra es informacion, y me falta, ponerme a estudiar mas, intento hacer lo que puedo pero es jodido, con el master en programacion y el curso de seguridad, la verdad que voy de culo. Gracias a [email protected], un saludo postdata, pues no tengo mucho tiempo: Este esta bastante bien para la busqueda de subdominios, los puertos los puedo buscar luego con masscan, tambien hay paginas para la busqueda de dns, qeu al fin y al cabo es lo que buscamos, aparte de los subdominios, y bueno, toda informacion es poca, esta pagina te da algo bastante detallado, CADA UNA TE DA UNOS RESULTADOS, NO TODAS TE DAN LOS MISMOS RESULTADOS, POR EJEMPLO MASSCAN O NMAP, NO TE DAN LOS MISMOS RESULTADOS Y LA VELOCIDAD NO TIENE NADA QUE VER YA QUE MASSCAN PUEEDE SCANEAR TODA LA RED EN 10 SEGUNDOS, Y NMAP TARDA MUUCHO PARA MI GUSTO, LA PAGINA QUE OS COMENTABA ES ESTA [Hidden Content]. LA APORTO PARA LA GENTE QUE NECESITE O QUIERA MIRARLA, NO ESTA MAL, AUNQUE ESTOY ACOSTUMBRADO A LA TERMINAL Y ME ES MAS FACIL HACERLO TODO DESDE LA MISMA. GRACIAS, ESPERO QUE PUEDAN SACARME DE DUDAS, LA PREGUNTA REALMENTE ES: QUE HERRAMIENTAS UTILIZAMOS PARA SUBDOMINIOS, DNSS, Y PUERTOS.??????????? yo uso masscan, masdns, y dnsdumpster.com, asi como Sublist3r pero me va muy lento, se que es lento, pero tanto no creo. ME GUSTARIA, QUE CADA UNO ME DIGERA SI USA UNA U OTRA, PUES HAY TANTAS QUE NO SE REALMENTE CUAL ES MEJOR O PEOR. A VER SI SALGO DE DUDAS. Disculpen las faltas y las prisas, me faltan horas al dia para todo. Como dige antes gracias y un saludo. Atentamente: ZeroDay
  19. Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities. View the full article
  20. Securifi Almond 2015 suffers from buffer overflow, command injection, cross site scripting, cross site request forgery, and various other vulnerabilities. View the full article
  21. Dell KACE System Management Appliance (SMA) versions prior to 9.0.270 patch SEC2018_20180410 suffers from cross site scripting and remote SQL injection vulnerabilities. View the full article
  22. Powerfull Simple XSS Scanner made with python 3.7 [HIDE][Hidden Content]] Roadmap v0.3B: Added custom options ( --proxy, --user-agent etc... ) v0.3B Patch: Added support for ( form method GET ) v0.4B: Improved Error handling Now Multiple parameters for GET method is Supported
  23. phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  24. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article