xss   6504


Microsoft Word Document Upload to Stored XSS: A Case Study
An XSS attack using MS Word Documents that can be uploaded and downloaded. Lists a few defenses against the attack also.
xss  security  webdevelopment  via:HackerNews 
7 days ago by mcherm
htmLawed, script / software to secure / sanitize / purify / filter HTML / XHTML using PHP
HTML filter-purifier to restrict & tidy HTML, and remove XSS, a PHP Labware internal utility
html  php  security  xss  validator 
18 days ago by jlancaster
Unleashing an Ultimate XSS Polyglot · 0xSobky/HackVault Wiki
When it comes to testing for cross-site scripting vulnerabilities (a.k.a. XSS), you’re generally faced with a variety of injection contexts, each of which requires you to alter your injection payload so it suits the specific context at hand. This can be too tedious and time-consuming in most cases, but luckily, XSS polyglots can come in handy here to save us a lot of time and effort.

What is an XSS polyglot?
An XSS polyglot can be generally defined as any XSS vector that is executable within various injection contexts in its raw form.
xss  reference 
6 weeks ago by wck
