Lab: Exploiting Reflected XSS into Attribute with Angle Brackets HTML-Encoded
Introduction In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability…
Lab: DOM XSS in jQuery Selector Sink Using a `hashchange` Event
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses…
Lab: DOM XSS in jQuery Anchor `href` Attribute Sink Using `location.search` Source
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab: DOM XSS in `innerHTML` Sink Using Source `location.search`
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab: DOM XSS in `document.write` Sink Using Source `location.search`
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab: Reflected XSS into HTML Context with Nothing Encoded
Vulnerability Type: Reflected Cross-Site Scripting (XSS) Attack Vector The vulnerable application reflects…
Lab 2: Stored XSS into HTML Context with Nothing Encoded
Vulnerability Type: Stored Cross-Site Scripting (XSS) Attack Vector The vulnerable application stores…
