Search the Community

Showing results for tags 'xss'.




Found 49 results

  1. WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  2. Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless. Traxss is a Hacktoberfest Project! If you are looking for a place to contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. [Hidden Content]
  3. ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution. View the full article
  4. Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. View the full article
  5. 0x1

    Traxss

    Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless

    Traxss is a Hacktoberfest Project! If you are looking for a place to contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.

    Getting Started

    Prerequisites: Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:

        brew install --cask chromedriver

    Installation: Run the command:

        pip3 install -r requirements.txt

    Running Traxss: Traxss can be started with the command:

        python3 traxss.py

    This will launch an interactive CLI to guide you through the process.

    Types of Scans

    • Full Scan w/ HTML: Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerabilities (this feature is still in beta).
    • Full Scan w/o HTML: This scan will run the query scan only.
    • Fast Scan w/ HTML: This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.
    • Fast Scan w/o HTML: This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.

    More info && Download [Hidden Content]
  6. Thailand Union Library Management version 6.2 suffers from cross site scripting and remote SQL injection vulnerabilities. View the full article
  7. 0x1

    Block Alert XSS

    Blocked Window Alert - Prompt - Confirm - Open XSS && block function Window.Console. To unblock, set var DEBUG = true. If I have forgotten some function, you can add it here in a comment. Thanks. [Hidden Content] Tested on my blog: [Hidden Content] Reference: [Hidden Content]
  8. [Hidden Content]
  9. XSpear - Powerful XSS Scanning And Parameter Analysis Tool

    Key features

    • Pattern matching based XSS scanning
    • Detect alert confirm prompt event on headless browser (with Selenium)
    • Testing request/response for XSS protection bypass and reflected params
    • Reflected Params
    • Filtered test event handler HTML tag Special Char
    • Testing Blind XSS (with XSS Hunter, ezXSS, HBXSS, etc.; all URL-based blind tests)
    • Dynamic/Static Analysis
    • Find SQL Error pattern
    • Analysis of security headers (CSP, HSTS, X-frame-options, XSS-protection, etc.)
    • Analysis of other headers (Server version, Content-Type, etc.)
    • Scanning from raw file (Burp suite, ZAP Request)
    • XSpear running on ruby code (with Gem library)
    • Show table-based cli-report and filtered rule, testing raw query (url)
    • Testing at selected parameters
    • Support output format cli json
    • cli: summary, filtered rule (params), Raw Query
    • Support Verbose level (quiet / normal / raw data)
    • Support custom callback code to test various attack vectors

    [Hidden Content]
  10. D-Link 6600-AP suffers from cross site scripting, key extraction, shell escape, config file disclosure, and denial of service vulnerabilities. View the full article
  11. [Hidden Content]
  12. XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

    XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:

    • Finding new XSS vectors, for any browser
    • Testing XSS payloads on GET and POST parameters
    • Bypassing XSS Auditors in the browser
    • Bypassing web application firewalls
    • Exploiting HTML whitelist features

    [Hidden Content]
  13. Credits: hakluke [Hidden Content]
  14. ZeroDayF34r

    XSS

    Hello everyone, I have a small problem with subdomain discovery and wanted to know which tools you use for it. I use Sublist3r, and masscan in addition to nmap, much faster and better, plus masdns for DNS; right now I am looking at [Hidden Content]. I was also looking at HostileSubBruteforcer, to combine with knock. I was using Sublist3r, masscan, and masdns, which I think are the ones almost everyone uses, but with so many out there, I would like to share and find out which ones you use. curl, nc, etc. etc., and burp are the ones I am running my tests with. netcat, once also called the hackers' Swiss Army knife, gives me a lot to work with, and, well, you know. I am willing to share information with anyone who shares it with me, because right now what I have too much of is information, and what I lack is sitting down to study more; I try to do what I can but it is tough, and with the master's in programming and the security course, honestly I am swamped. Thanks to [email protected], regards. P.S., since I do not have much time: This one is quite good for subdomain discovery; I can look for the ports afterwards with masscan. There are also pages for DNS lookups, which at the end of the day is what we are after, apart from the subdomains, and, well, you can never have too much information. This page gives you something quite detailed. EACH ONE GIVES YOU ITS OWN RESULTS, NOT ALL OF THEM GIVE YOU THE SAME RESULTS; FOR EXAMPLE, MASSCAN AND NMAP DO NOT GIVE YOU THE SAME RESULTS, AND THE SPEED IS NOT COMPARABLE, SINCE MASSCAN CAN SCAN THE WHOLE NETWORK IN 10 SECONDS AND NMAP TAKES FAR TOO LONG FOR MY TASTE. THE PAGE I WAS TELLING YOU ABOUT IS THIS ONE: [Hidden Content]. I AM SHARING IT FOR ANYONE WHO NEEDS OR WANTS TO LOOK AT IT; IT IS NOT BAD, ALTHOUGH I AM USED TO THE TERMINAL AND IT IS EASIER FOR ME TO DO EVERYTHING FROM THERE.
    THANKS, I HOPE YOU CAN CLEAR UP MY DOUBTS. THE REAL QUESTION IS: WHICH TOOLS DO WE USE FOR SUBDOMAINS, DNS, AND PORTS? I use masscan, masdns, and dnsdumpster.com, as well as Sublist3r, but it runs very slowly for me; I know it is slow, but I do not think it should be that slow. I WOULD LIKE EACH OF YOU TO TELL ME WHETHER YOU USE ONE OR ANOTHER, BECAUSE THERE ARE SO MANY THAT I REALLY DO NOT KNOW WHICH IS BETTER OR WORSE. LET'S SEE IF I CAN CLEAR UP MY DOUBTS. Sorry for the mistakes and the rush; there are not enough hours in the day for everything. As I said before, thanks and regards. Sincerely: ZeroDay
  15. Securifi Almond 2015 suffers from buffer overflow, command injection, cross site scripting, cross site request forgery, and various other vulnerabilities. View the full article
  16. Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities. View the full article
  17. Dell KACE System Management Appliance (SMA) versions prior to 9.0.270 patch SEC2018_20180410 suffer from cross site scripting and remote SQL injection vulnerabilities. View the full article
  18. Powerful Simple XSS Scanner made with python 3.7 [Hidden Content]

    Roadmap

    • v0.3B: Added custom options ( --proxy, --user-agent etc... )
    • v0.3B Patch: Added support for ( form method GET )
    • v0.4B: Improved error handling. Multiple parameters for the GET method are now supported.
  19. phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  20. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  21. Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker who is able to trick an authenticated victim (with "autodiscovery job" creation privileges) into visiting a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code execution, and a local privilege escalation. View the full article
  22. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. View the full article
  23. XanXSS

    Twitter: @stay__salty | Github: ekultek | Version: v(0.1)

    XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example:

        <xAnXSS</TitLE></STYLE><SVG/ONload='alERt(1);'/></XaNxSs</titLe></StYlE><SvG/ONlOAD='alerT(1);'/> <ifrAmE&#13;Src=&#160;[2].Find(CoNfirm);=&#160;"JAVaScRIpT:proMpT(1))"javAscrIpt:/*--></scRIPt> />cLIcK&#13;Me!</b</TextaRea></TiTLE><BUTtON ONcLIck='aleRT(1);'/>XaNxss</TEXTaRea> <iMG&#13;sRc=%0acONfIRM();=+'jAVASCRiPT:alerT("XSS");'</STYlE><Svg/onLoad='alErT((1));'/>

    With XanXSS every payload is different. XanXSS works by running through the payloads until a specified number is found or a timer hits the max time; this prevents it from looping for too long.

    Some of the features included in XanXSS:

    • Ability to pass your own headers using -H
    • Ability to generate a polyglot script using -P
    • Ability to run behind a proxy using --proxy
    • And many more

    [Hidden Content]
  24. OrientDB version 3.0.17 GA Community Edition suffers from cross site request forgery and cross site scripting vulnerabilities. View the full article