search
HomeGitHubPortfolioTwitter/XMediumCont@ct

5.3 - Cross Site Scripting

hashtag
Topics

  1. XSS Anatomy

  2. Reflected XSS

  3. Stored XSS

  4. DOM-Based XSS

  5. Identifying & Exploiting XSS with XSSer

LogoCross Site Scripting (XSS) | OWASP Foundationowasp.orgchevron-right

hashtag
Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) constitutes a client-side web vulnerability enabling attackers to embed malicious scripts into web pages.

This vulnerability often arises from inadequate input sanitization/validation within web applications.

Attackers exploit XSS vulnerabilities to insert harmful code into web applications. Given that XSS is a client-side vulnerability, these scripts execute within the victim's browser.

XSS vulnerabilities impact web applications deficient in input validation and reliant on client-side scripting languages such as JavaScript, Flash, CSS, etc.

hashtag
Web Basics

14 - Hacking Web Appschevron-right

hashtag
Practise

🔬 There are many vulnerable testing web apps like:

chevron-rightDVWAhashtag

The Damn Vulnerable Web Application (DVWA) is a web application built with PHP and MySQL intentionally designed to be susceptible to security vulnerabilities. Its primary purpose is to serve as a resource for security professionals to assess their skills and tools within a legal context. Additionally, it aids web developers in gaining a deeper understanding of the processes involved in securing web applications and facilitates learning about web application security for both students and teachers in a controlled classroom setting.

DVWA is designed to provide a platform for practicing various common web vulnerabilities at different difficulty levels, all presented through a simple and user-friendly interface. It's important to note that there are deliberate both documented and undocumented vulnerabilities within the software, encouraging users to explore and identify as many issues as possible.

LogoGitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)GitHubchevron-right
DVWA
LogoCross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security AcademyWebSecAcademychevron-right

hashtag
DVWA - My Writeups

DVWAchevron-right

hashtag
Theory and Lab platform

LogoAll labs | Web Security AcademyWebSecAcademychevron-right
Web Burp Suite Security Academy

hashtag
❗ Disclaimer

Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!

Never run these techniques on un-authorized addresses

Previous5.2.8 Shodan HQNext5.3.1 XSS Anatomy

Last updated