xss   6544

WordPress Security - 24 Tips to Secure Your Website from Hackers
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set Referrer-Policy "no-referrer-when-downgrade"
http  wordpress  security  xss  howto  tutorial  administration 
24 days ago by mwolffhh
GitHub - raz-varren/xsshell: An XSS reverse shell framework
XSShell is a cross-site-scripting reverse shell... Okay, well maybe it's not a true reverse shell, but it will allow you to interact in real time with an XSS victim's browser.

Just run the xsshell binary to set up your listener endpoint, do your XSS thing to get the exploit js onto the victim's browser, and as soon as they run it you should see something like this pop up in your console.
xss  webapp 
5 weeks ago by whip_lash
Big List of Naughty Strings
The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer walks into a bar.
strings  string  user-input  input  test  xss 
6 weeks ago by vaupeh
XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.
It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
xss  pentest  webapp 
7 weeks ago by whip_lash