15 docs tagged with "XSS with Kurukshetra"

You will learn about what cross-site scripting vulnerability is, the types of cross-site scripting vulnerabilities, and how to identify a stored XSS vulnerability.

Check out how the XSS can be exploited in the HTML <div> tags and learn more about <img> tag-based XSS payload.

Learn how a misconfigured CSP can be bypassed, potentially leading to the successful exploitation of cross-site scripting vulnerability.

Learn how to bypass a misconfigured CSP policy and how it can lead to the successful exploitation of cross-site scripting vulnerability.

Check out how a security risk can arise from an improperly configured dynamic link generation tag and which can result in XSS exploitation.

This article goes into depth discussing an alternative JavaScript function, namely "confirm()". It serves as an alternative for the JavaScript "alert()" function when the latter is unavailable.

You will learn about a reflected XSS and how it differs from the stored XSS. Also, I will walk you through exploiting reflected XSS.

Using the XSS fundamentals learned will look at how poorly implemented input validations can be bypassed with a custom-crafted xss payload.

Welcome back to learning Cross-Site Scripting(XSS) with the Kurukshetra. An app built by d4rk36.

Learn why client-side validation cannot be trusted all the time and how it can be tampered with by using BurpSuite as a proxy for exploiting XSS

Learn how the XSS vulnerability can be found in other params even though it is not editable by the browser using the BurpSuite Proxy tool

Learn how the partially implemented HTML output encoding can be bypassed for exploiting XSS vulnerability using the HTML5 attributes

Check out how the XSS can also be exploited in hidden input parameter fields with examples.

Learn why client-side validation cannot be trusted all the time and how it can be tampered with by browser debugging tools for exploiting XSS

Kurukshetra is an intentionally designed XSS-vulnerable application. XSS is explained with examples, and it's an open-source lab for practicing and learning cross-site scripting vulnerabilities.