exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 87 RSS Feed

Files

xss-walkthrough.txt
Posted Aug 15, 2007
Authored by t0pp8uzz, xprog

Whitepaper entitled "XSS The Complete Walkthrough". Written to discuss how web developers should code securely to negate cross site scripting vulnerabilities.

tags | paper, web, vulnerability, xss
SHA-256 | 49155974d24086509ddb711af7801ff27158e8ee699325d11e5b2a93f9a65bb5

Related Files

XSSer Penetration Testing Tool 1.8-2
Posted Nov 18, 2019
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Ported to Python 3.x. Added anti-antixss firewall rules. Added requirements. Updated documentation and website.
tags | tool, scanner
systems | unix
SHA-256 | 4db2282f00ea2a5023d67512a87ebbd90ad26fa3ba4213dd4bbc01fcde913474
XSSer Penetration Testing Tool 1.8-1
Posted Sep 23, 2019
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Removed deprecated features and --no-head (from default). Added new options and new search engines. Various other updates and fixes.
tags | tool, scanner
systems | unix
SHA-256 | 478be92d5c9e1ba6b94ccdffa1be0df350845ddd37a99028c4a0e492b56ce00e
How Do You Use An XSS As A Keylogger?
Posted Mar 10, 2019
Authored by Ismail Tasdelen

This is the world's shortest whitepaper showing how to use javascript to record keystrokes and log them.

tags | paper, javascript
SHA-256 | 452b243fcf2a671a92277b9e80e8b47424a356ab202675137a11081010534860
XSS Fuzzer
Posted Nov 28, 2018
Authored by Poyo VL | Site xssfuzzer.com

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

tags | tool, arbitrary, javascript, fuzzer
SHA-256 | 75dbb38b248d52be321de6e1340065eac23ecbb902931e83075eb886bfa9a0bb
XSSer Penetration Testing Tool 1.7-2
Posted Apr 13, 2018
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Fixed SSL. Updated search engines. Various other updates and fixes.
tags | tool, scanner
systems | unix
SHA-256 | f3643ed372ddd09f0461d33b192bf5f8aba9d83401f609a01c6deda37718b913
Cross Site Scripting In A Nutshell
Posted Mar 26, 2018
Authored by Tahar Amine ELHOUARI | Site taharamine.me

Whitepaper called Cross Site Scripting 'XSS' In A Nutshell.

tags | paper, xss
SHA-256 | 695d2b954f4e3f92af84560cd50399eb8681efd6c5c34c52add3dfb690d2875a
HackBack - A DIY Guide For Those Without The Patience To Wait For Whistleblowers
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.

tags | paper
SHA-256 | 8a4bf253d346e6edb5debbc3d0af1853e0c2c708d9b3c1a2b28a8685f580d674
HackBack - A DIY Guide, Spanish Version
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.

tags | paper
SHA-256 | cd9224d9caca3f6b88269980123d5374486f1353fbc9efb50253557b2a53a6c0
HackBack - A DIY Guide
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide.

tags | paper
SHA-256 | 13106443a0101118a7a673f7eab1962e92e195d9d493092b209fc627e5dc9db6
XSSer Penetration Testing Tool 1.7b
Posted Feb 24, 2016
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Removed deprecated features. Updated Automatic XSS vectors list. Added XST. Many other updates and fixes.
tags | tool, scanner
systems | unix
SHA-256 | e76427aab3dc3833b04e100ded60a2eb29b0f01256f63bdd522d21a5e322a603
New Methods In Automated XSS Detection And Dynamic Exploit Creation
Posted Oct 13, 2015
Authored by Kenneth F. Belva

This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.

tags | paper, xss
SHA-256 | 32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7b
Identifier-Based XSSI Attacks
Posted Apr 15, 2015
Authored by Takeshi Terada

This whitepaper focuses on a method of stealing data as a client side script's identifier (variable or function name). The author describes these attack techniques / browser vulnerabilities and then discuss countermeasures for these issues.

tags | paper, vulnerability
advisories | CVE-2014-6345, CVE-2014-7939
SHA-256 | 8bfa6b14e13a3f906c5514c4e8df9d61d08c0fdbec7c3caccf3b7b25358569b0
XSSYA Cross Site Scripting Scanner 2.0
Posted Mar 11, 2015
Authored by Yehia Mamdouh

XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.

Changes: Library contains 41 payloads now to enhance detection level. Various other updates.
tags | tool, web, scanner, python
systems | unix
SHA-256 | 4a891304832b942ae02f0c50aa5f3cd5605ad3eb59dc5dba4e838a7e9224c7ce
Cross Site Tracer Script
Posted Mar 1, 2015
Authored by 1N3

Cross Site Tracer is a python script to check remote web servers for cross-site tracing.

tags | tool, remote, web, scanner, python
systems | unix
SHA-256 | dc8726f4ecbe474ad3183b07166b65bf745d3357d8e7b02e746133bc810886fc
XSSYA Cross Site Scripting Scanner
Posted Jul 6, 2014
Authored by Yehia Mamdouh

XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.

tags | tool, web, scanner, python
systems | unix
SHA-256 | c95115f9d5f22c9536e908df9434a5f94a5a52fc7a3795a81531513d23c665fc
XSS Exploitation Via CHEF
Posted Sep 17, 2012
Authored by Evren Yalcin

This is a whitepaper discussing cross site scripting exploitation via CHEF. Written in Turkish.

tags | paper, web, xss
SHA-256 | e98d82370ead61ff8742ed558bf5d4cbd5999da934538163bf431a5c0c562cf5
Cross Site Scripting Walkthrough
Posted May 18, 2012
Authored by Ahmed Elhady Mohamed

This is a whitepaper that gives a complete cross site scripting walkthrough.

tags | paper, web, xss
SHA-256 | 7ccb4e719b298fb3680cb5feb24cf117a59343f4420b727273ea2fae0666e3a5
Ghosts Of XSS Past, Present, And Future
Posted Feb 18, 2012
Authored by Jim Manico

These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.

tags | paper
SHA-256 | 0b66340464b5fd19fc7f01d69d5ed582aa6417b0228f67241d9cd66f22e37f7c
Chicago Tribune Cross Site Scripting
Posted Feb 15, 2012
Authored by Janne Ahlberg

The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability. Editor's note 01/04/2013: Per the advisory author, Chicago Tribune has addressed this vulnerability.

tags | exploit, xss
SHA-256 | cb5868295d95e6e2adccde2d047576233388b74c94df149c189b172e92430175
XssScanner 1.1
Posted Dec 1, 2011
Authored by Romain MILLET, VULNIT | Site vulnit.com

XssScanner is a tool designed to help penetration testers find cross site scripting vulnerabilities. It analyzes a webpage to determine which are the payloads that could be used according to the position of the parameter. Then, for each selected payload, XssScanner sends a request using the payload and checks the returned page to find the payload. The major feature of XssScanner is its ability to detect many encodings that do not change the behavior of the payload (eg: double quote encoded into ").

tags | tool, scanner, vulnerability, xss
systems | unix
SHA-256 | beced1c0c47a2a50b77bc4b4d0a52f446464a99e5678cece598afbfae7977461
XSSer Penetration Testing Tool 1.6-1
Posted Dec 1, 2011
Authored by psy | Site sourceforge.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Various updates.
tags | tool, scanner
systems | unix
SHA-256 | bef3399a296d2bc9f4afa5ff5d431dea9826fc32d8c59e4fc693a7006077308c
XSSer Penetration Testing Tool 1.5-1
Posted Feb 24, 2011
Authored by psy | Site sourceforge.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Various updates.
tags | tool, scanner
systems | unix
SHA-256 | 4de4d18fc0472010c5289b7c509270a9628d2883314d90de3888b92ee68106a0
XSS Street-Fight: The Only Rule Is There Are No Rules
Posted Jan 25, 2011
Authored by Ryan Barnett

Whitepaper called XSS Street-Fight: The Only Rule Is There Are No Rules.

tags | paper, web
SHA-256 | 64907028535179186d11bc145891ad5ff5191ec3b8a3fe45a872e06f47af4b3a
XSSer Penetration Testing Tool 1.0
Posted Nov 10, 2010
Authored by psy | Site sourceforge.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

tags | tool, scanner
systems | unix
SHA-256 | 8c71afc33432e1adab32907b8d378ff256986b2c14f4d7587b3da25139432944
Cross Site Scripting Paper
Posted Jan 31, 2010
Authored by fred777

This is a whitepaper on cross site scripting written in German.

tags | paper, web, xss
SHA-256 | 84575c90ddd7b89abb93facb4b651f00ea940f399ca79081a089a8f99b5f6d80
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close