| Meta Tag | Content |
|---|---|
| viewport | width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1 |
| theme-color | #000000 |
| twitter:app:name:iphone | Medium |
| twitter:app:id:iphone | 828256236 |
| title | XSS exploitation without using the <script> tag | by Nol White Hat | Sep, 2023 | InfoSec Write-ups |
| description | In this article I will explain what Cross-Site Scripting (XSS) is and show you how attackers can exploit XSS. For example, how an attacker can grab the victim’s stored browser passwords. In order to… |
| author | Nol White Hat |
| robots | index,follow,max-image-preview:large |
| referrer | unsafe-url |
| twitter:site | @InfoSecComm |
| twitter:app:url:iphone | medium://p/4b200fd52cea |
| twitter:image:src | https://miro.medium.com/v2/resize:fit:488/1*LEMfGMfNoDrzVUn6-RexFw.png |
| twitter:card | summary_large_image |
| twitter:label1 | Reading time |
| twitter:data1 | 15 min read |
| twitter:tile:template:testing | 2 |
| twitter:tile:image | https://miro.medium.com/v2/resize:fit:488/1*LEMfGMfNoDrzVUn6-RexFw.png |
| twitter:tile:info1:icon | Person |
| twitter:tile:info1:text | Nol White Hat |
| twitter:tile:info2:icon | Calendar |
| twitter:tile:info2:text | Sep 22, 2023 |
| twitter:cta | Read on Medium |
| Website Page URL | https://infosecwriteups.com/xss-exploitation-that-goes-beyond-script-alert-test-script-4b200fd52cea |
We found around "2" h1 tags which are found in this page url and are available in the table below.
| S.no | h1 tag content |
|---|---|
| 1 | XSS exploitation without using the <script> tag |
| 2 | PoC exploiting XSS |
We found around "19" h2 tags which are found in this page url and are available in the table below.
| S.no | h2 tag content |
|---|---|
| 1 | What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy |
| 2 | Written by Nol White Hat |
| 3 | More from Nol White Hat and InfoSec Write-ups |
| 4 | Exploiting CORS misconfigurations |
| 5 | Instagram Password Hacking |
| 6 | My debut with a Critical Bug: How I found my first bug (API misconfiguration) |
| 7 | Get yourself a rooted Android Virtual Device (AVD) |
| 8 | Recommended from Medium |
| 9 | DOM-based XSS via DOM Invader |
| 10 | How I Hacked JioNews? |
| 11 | Lists |
| 12 | Staff Picks |
| 13 | Stories to Help You Level-Up at Work |
| 14 | Self-Improvement 101 |
| 15 | Productivity 101 |
| 16 | Evil Twin Attack: Steal Wi-Fi Password |
| 17 | API Information Disclosure Leading to Admin Account Takeover |
| 18 | How I Hacked my College Website totally just with SQL Injection (Part 1) |
| 19 | How did I get 3300$ With Just FFUF!! |
We found around "11" h3 tags which are found in this page url and are available in the table below.
| S.no | h3 tag content |
|---|---|
| 1 | In this section, we'll explain what cross-site scripting is, describe the different varieties of cross-site scripting… |
| 2 | Summary |
| 3 | Hii Amigos in todays article we were going to learn how to hack Instagram passwords by Brute-force attack |
| 4 | Finally, the day arrived when I could share my own findings, rather than just reading other researchers’ findings (which I truly love to… |
| 5 | Summary In the article, I will demonstrate how to create a new rooted Android Virtual Device with the latest Android (AVD) version (Android… |
| 6 | Enable DOM invader. |
| 7 | JioNews is a news app for breaking news every second. It has 190+ live news channels, Magazines, newspapers, viral videos, and news… |
| 8 | Cracking wifi password through a dictionary attack can only be successful if the password is listed in the wordlist that you are using… |
| 9 | Hi everyone! In this project, my primary responsibility was to identify vulnerabilities in the website’s APIs. I’d like to share an… |
| 10 | Intro : Hello all Hackers! Todays I will discuss about you that how I hacked my University Website , get access to the Website… |
| 11 | By searching inside one of the Bitcoin platforms I found there a place to document accounts by sending documents such as ID or passport… |
Unfortunately we were not able to find any h3 tag in the URL of this page.
Unfortunately we were not able to find any h3 tag in the URL of this page.
Unfortunately we were not able to find any h3 tag in the URL of this page.
| S.no | Tag content |
|---|---|
| 1 | XSS exploitation without using the <script> tag |
| 2 | Summary |
| 3 | Disclaimer |
| 4 | Details |
| 5 | PoC exploiting XSS |
| 6 | Preparation steps vulnerable server (Ubuntu) |
| 7 | Preparation steps on the attacker machine |
| 8 | PoC XSS |
| 9 | Stealing user cookies |
| 10 | Stealing saved brower credentials |
| 11 | Starting a keylogger |
| 12 | Adding entries to the target database |
| 13 | . |
| 14 | Prevention XSS vulnerabilities |
| 15 | References |
| S.no | Tag content |
|---|
| S.no | Tag content |
|---|
| S.no | Tag content |
|---|
| S.no | Anchor tag Content |
|---|---|
| 1 | Open in app |
| 2 | Sign up |
| 3 | Sign In |
| 4 | Write |
| 5 | Nol White Hat |
| 6 | Follow |
| 7 | InfoSec Write-ups |
| 8 | https://www.reddit.com/r/xss/ |
| 9 | https://192.168.62.161/ |
| 10 | https://192.168.62.174 |
| 11 | https://192.168.62.174/setup.php |
| 12 | https://www.geeksforgeeks.org/how-to-setup-burp-suite-for-bug-bounty-or-web-application-penetration-testing/ |
| 13 | https://192.168.62.174/vulnerabilities/xss_r/ |
| 14 | https://portswigger.net/web-security/cross-site-scripting/cheat-sheet |
| 15 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src |
| 16 | https://192.168.62.161/xss.js |
| 17 | https://www.trustedsec.com/blog/cross-site-smallish-scripting-xsss |
| 18 | What is cross-site scripting (XSS) and how to prevent it? | Web Security AcademyIn this section, we'll explain what cross-site scripting is, describe the different varieties of cross-site scripting…portswigger.net |
| 19 | https://pentest-tools.com/blog/xss-attacks-practical-scenarios |
| 20 | Pentesting |
| 21 | Xss Attack |
| 22 | Web Security |
| 23 | Written by Nol White Hat |
| 24 | 144 Followers |
| 25 | Exploiting CORS misconfigurationsSummary |
| 26 | 10 min read·Sep 6 |
| 27 | iam_with_you11 |
| 28 | Instagram Password HackingHii Amigos in todays article we were going to learn how to hack Instagram passwords by Brute-force attack |
| 29 | 2 min read·Feb 23 |
| 30 | 14 |
| 31 | whit3ros3 |
| 32 | My debut with a Critical Bug: How I found my first bug (API misconfiguration)Finally, the day arrived when I could share my own findings, rather than just reading other researchers’ findings (which I truly love to… |
| 33 | 4 min read·Sep 7 |
| 34 | 4 |
| 35 | Get yourself a rooted Android Virtual Device (AVD)Summary In the article, I will demonstrate how to create a new rooted Android Virtual Device with the latest Android (AVD) version (Android… |
| 36 | 5 min read·Jun 11, 2022 |
| 37 | See all from Nol White Hat |
| 38 | See all from InfoSec Write-ups |
| 39 | Wei Chen |
| 40 | DOM-based XSS via DOM InvaderEnable DOM invader. |
| 41 | 5 min read·Sep 5 |
| 42 | Viral Vaghela |
| 43 | How I Hacked JioNews?JioNews is a news app for breaking news every second. It has 190+ live news channels, Magazines, newspapers, viral videos, and news… |
| 44 | 4 min read·6 days ago |
| 45 | Staff Picks454 stories·296 saves |
| 46 | Stories to Help You Level-Up at Work19 stories·221 saves |
| 47 | Self-Improvement 10120 stories·597 saves |
| 48 | Productivity 10120 stories·555 saves |
| 49 | Vengeance |
| 50 | Evil Twin Attack: Steal Wi-Fi PasswordCracking wifi password through a dictionary attack can only be successful if the password is listed in the wordlist that you are using… |
| 51 | 4 min read·Jul 5 |
| 52 | Kaan Atmaca |
| 53 | API Information Disclosure Leading to Admin Account TakeoverHi everyone! In this project, my primary responsibility was to identify vulnerabilities in the website’s APIs. I’d like to share an… |
| 54 | 2 min read·5 days ago |
| 55 | @Subhankar Paul |
| 56 | How I Hacked my College Website totally just with SQL Injection (Part 1)Intro : Hello all Hackers! Todays I will discuss about you that how I hacked my University Website , get access to the Website… |
| 57 | 3 min read·Sep 5 |
| 58 | Ahmed Najeh |
| 59 | How did I get 3300$ With Just FFUF!!By searching inside one of the Bitcoin platforms I found there a place to document accounts by sending documents such as ID or passport… |
| 60 | 1 min read·Jul 2 |
| 61 | 2 |
| 62 | See more recommendations |
| 63 | Help |
| 64 | Status |
| 65 | Writers |
| 66 | Blog |
| 67 | Careers |
| 68 | Privacy |
| 69 | Terms |
| 70 | About |
| 71 | Text to speech |
| 72 | Teams |
If you have any inquiries or feedback, please don't hesitate to reach out to us at [email protected]. We will respond to your request as soon as possible. Thank you very much for your interest!