[OWASP-Security101] Help with Proof of Concept - XSS

Tom Mackenzie tom.mackenzie at owasp.org
Wed Jul 4 10:45:28 UTC 2012


Also make sure your browser doesn't use anti-XSS techniques, i.e. don't use
Chrome.

At SpiderLabs we use videos in our reports and we use a video of a browser
hooked in BeEF.

Thanks,


On Thu, Jun 28, 2012 at 4:17 AM, Owasp-Manila <michael.dungog at owasp.org> wrote:

> Hi Patrick,
>
> I suggest that you do not try any of the rsnake cheat sheet examples on any web
> applications or systems unless you have permission from the system owner. I
> guess that is the most important thing you are missing.
>
> Build your own pentest lab and learn from it. You can play with the
> following vulnerable systems or google it for more.
>
> http://code.google.com/p/webgoat/
> https://github.com/adamdoupe/WackoPicko
> http://www.dvwa.co.uk/
> https://github.com/SpiderLabs/SQLol
>
>
> Regards,
>
> Michael
>
> On Jun 28, 2012, at 10:49 AM, Patrick Laverty <patrick_laverty at brown.edu>
> wrote:
>
> > I've identified a site where I can inject anything into the source,
> > like basic text, html tags or images from any other site. I'd like to
> > show the owner something a little more scary than that. I tried to add
> > in <script type='text/javascript'>alert(1)</script> and that does go
> > into the source, but I don't get the alert box to show. I did turn off
> > my popup blocker in the browser. I tried most of the suggestions from
> > the rsnake cheat sheet too.
> >
> > Any suggestions on what I could be missing?
> >
> > Thank you.
> > _______________________________________________
> > Security101 mailing list
> > Security101 at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/security101
> > List Run By OWASP
> > List Admin: Michael.Coates at owasp.org
>
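Added example, not part of the thread or of any project named in it: the server-side view of what Patrick describes. Input is copied verbatim into the page, so whatever the browser's reflected-XSS filter happens to do, the application itself has no control. The fix is to encode each interpolation for the HTML context it lands in (text node, quoted attribute, JavaScript string literal); a browser-side filter is not a substitute. The page template, function names and the audit helper are constructed for this demonstration; the sample input is the string quoted in the thread.

```python
import html
import json

# Sample untrusted input: the exact string quoted in the thread (constructed test data).
SAMPLE_INPUT = "<script type='text/javascript'>alert(1)</script>"


def render_unsafe(comment: str) -> str:
    """The pattern Patrick describes: untrusted input concatenated into markup
    with no encoding at all (hypothetical vulnerable template)."""
    return f'<div class="comment" title="{comment}">{comment}</div>'


def encoded_parts(comment: str) -> tuple:
    """Encode the same value once per output context.

    body: text between tags; '<' and '&' become entities so no tag can start.
    attr: inside a double-quoted attribute; quotes are encoded too, so the
          value cannot close the attribute and start a new one.
    js:   a JavaScript string literal; JSON quoting plus \\u003c/\\u003e for
          '<' and '>' so a literal '</script>' cannot end the script block.
    """
    body = html.escape(comment, quote=False)
    attr = html.escape(comment, quote=True)
    js = json.dumps(comment).replace("<", "\\u003c").replace(">", "\\u003e")
    return body, attr, js


def render_safe(comment: str) -> str:
    """Same hypothetical template as render_unsafe, with context-aware encoding."""
    body, attr, js = encoded_parts(comment)
    return (
        f'<div class="comment" title="{attr}">{body}</div>\n'
        f"<script>var lastComment = {js};</script>"
    )


def reaches_page_unencoded(rendered: str, untrusted: str) -> bool:
    """Audit check a reviewer can run over rendered output: does the raw
    untrusted string survive into the page byte-for-byte?"""
    return untrusted in rendered


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_INPUT))
    print("safe:  ", render_safe(SAMPLE_INPUT))
    print("raw payload in unsafe page:", reaches_page_unencoded(render_unsafe(SAMPLE_INPUT), SAMPLE_INPUT))
    print("raw payload in safe page:  ", reaches_page_unencoded(render_safe(SAMPLE_INPUT), SAMPLE_INPUT))
```

The attribute and JavaScript contexts are where body-only escaping usually breaks down: `html.escape` with `quote=False` is enough between tags but leaves `'` and `"` intact, which is why the attribute path uses `quote=True`, and JSON encoding alone would still let a literal `</script>` terminate the block, which is why `<` and `>` are additionally written as `\u003c` and `\u003e`.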

