If you want to master XSS, open this thread!
Cross-site scripting vulnerabilities are injection attacks that allow attackers to execute malicious JavaScript in your browser! 🤯
A Thread 🧵
[1️⃣] Cross-site scripting by @PortSwigger
If you want to be able to find XSS vulnerabilities, you will NEED to know exactly what an XSS actually is! Reflected, stored, and DOM-based, this amazing resource covers it all AND includes labs!
portswigger.net
[2️⃣] Cross-Site Scripting (XSS) Explained by @PwnFunction
This remains one of our all-time favorite videos explaining XSS! If you're a visual learner, then this is for you!
youtu.be
[3️⃣] XSS mindmap by @JackMasa
Now that you know the basics of XSS, let's see how expansive this vulnerability really is by looking at this massive mindmap! It may be old, but it's still gold!
raw.githubusercontent.com
[4️⃣] Brute XSS by @brutelogic
It isn't easy to talk about XSS without referring to Brutelogic's blog. His resources are incredible!
brutelogic.com.br
[5️⃣] XSS cheat sheet by @PortSwigger
Another PortSwigger resource here? Yes of course! This cheat sheet will allow you to craft the exact payloads you need to trigger that alert!
portswigger.net
[6️⃣] XSS challenges by @intigriti
Shameless self-plug! These challenges were created by the community. They're fun, hard and all have writeups available. To summarize: A great resource to learn!
blog.intigriti.com
[7️⃣] XSS Bug Bounty Tips by @gowsundar
Here's a list containing a bunch of XSS bug bounty tips compiled by @gowsundar
gowsundar.gitbook.io
[8️⃣] Polyglots by @OstorlabSec
You'll often hear people talk about XSS polyglots, but when and where should you actually use them? This blog post is a must-read!
blog.ostorlab.co
[9️⃣] DO NOT USE alert(1) for XSS by @LiveOverflow
Getting an alert() doesn't always mean you have a valid XSS to submit to the bug bounty program! Wait what? Learn more in this great video!
youtu.be
[🔟] XSStrike by @s0md3v
XSS is a vulnerability that is very difficult to automate with tooling. Attempts to make it easier for you have been made tho! One of them is XSStrike!
github.com
That's all for this thread! 🧵
You've learned enough to go out there and find some XSS! 👩‍💻
Do you know any more resources? Be sure to share them in the comments!
And if you want more of these threads, be sure to leave a like