Questions tagged [reflected-xss]
The reflected-xss tag has no summary.
96 questions
2 votes
1 answer
266 views
XSS CTF - How to execute payload inside an HTML comment (blacklisted words & encoded characters)
I'm trying to solve a CTF challenge that requires me to obtain the admin cookie through XSS. Here's the situation: -Main form: When I enter any input, it gets reflected in the page, but it is inserted ...
1 vote
0 answers
141 views
XSS JavaScript does not execute (bug bounty)
I am doing a bug bounty and I found an XSS injection point. However, most tags are filtered and I have been getting no results in executing JS. I can do whatever HTML I want though here are some ...
0 votes
1 answer
501 views
How to send cookies or token in local storage to a remote server using reflected XSS
I have an XSS vulnerability identified by <script>alert(1);</script> in the url. So when I put it in the url it gets executed (ex: www.example.com/admin/<script>alert(1);</script&...
0 votes
0 answers
47 views
XSS: bypassing html entity encoding of <,>,& characters [duplicate]
I am currently testing a web application that is sanitizing user input by HTML entity encoding special characters. E.g. <script>alert(1)</script> becomes &lt;script&gt;alert(1)&...
1 vote
0 answers
441 views
Reflected XSS but no Content-Type is specified
I have found a parameter that simply reflects into the response body, but no Content-Type is specified by the server. It doesn't use any XSS-protection mechanisms like CSP or X-XSS-Protection. However, I was ...
0 votes
1 answer
614 views
With Response header having content-type: application/json, is it still possible to trigger XSS?
The application is responding using the user-supplied request, but the content type is set as application/json. Is it still possible to trigger XSS? This is a language-neutral question, it can be Java,...
0 votes
1 answer
991 views
XSS bypass in url
I have a website: https://bugbounty.com/test/"injection inside js", but " is escaped with \ and I'm trying to inject </script><script>alert() but https://bugbounty.com/test/&...
1 vote
1 answer
669 views
Jsoup XSS attack with URL encoded input
I have a Spring Web Application that exposes REST APIs. I have implemented an XSS filter using Jsoup that strips the input using Safelist.NONE. The penetration testing team raised a concern where the ...