[OWASP-Security101] Help with Proof of Concept - XSS
tom.mackenzie at owasp.org
Wed Jul 4 10:45:28 UTC 2012
Also make sure your browser doesn't use anti-xss techniques i.e. don't use
At SpiderLabs we use videos in our reports and we use a video of a browser
hooked in beEf.
On Thu, Jun 28, 2012 at 4:17 AM, Owasp-Manila <michael.dungog at owasp.org>wrote:
> Hi Patrick,
> I suggest that do not try any of rsnake cheat sheet examples on any web
> applications or system unless you have permission from the system owner. I
> guess that is the most important thing you are missing.
> Build your own pentest lab and learn from it. You can play with the
> following vulnerable systems or google it for more.
> On Jun 28, 2012, at 10:49 AM, Patrick Laverty <patrick_laverty at brown.edu>
> > I've identified a site where I can inject anything into the source,
> > like basic text, html tags or images from any other site. I'd like to
> > show the owner something a little more scary than that. I tried to add
> > into the source, but I don't get the alert box to show. I did turn off
> > my popup blocker in the browser. I tried most of the suggestions from
> > the rsnake cheat sheet too.
> > Any suggestions on what I could be missing?
> > Thank you.
> > _______________________________________________
> > Security101 mailing list
> > Security101 at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/security101
> > List Run By OWASP
> > List Admin: Michael.Coates at owasp.org
> Security101 mailing list
> Security101 at lists.owasp.org
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org
More information about the Security101