29 articles
Learn how to exploit a Reflected XSS inside a JavaScript string in PortSwigger Lab. Step-by-step guide to escape from a string and execute JavaScript code when angle brackets are HTML-encoded.
Learn how to exploit a Stored XSS in the href attribute of an anchor in PortSwigger Lab. Step-by-step guide to execute JavaScript when clicking on the comment author's name when double quotes are HTML-encoded.
Learn how to exploit a Reflected XSS in an HTML attribute in PortSwigger Lab. Step-by-step guide to inject a malicious attribute that executes JavaScript when angle brackets are HTML-encoded.
Learn how to exploit a DOM XSS in jQuery selector sink using hashchange event in PortSwigger Lab. Step-by-step guide to create an exploit that executes JavaScript code by leveraging vulnerabilities in jQuery selectors.
Learn how to exploit a DOM XSS in jQuery href attribute using location.search in PortSwigger Lab. Step-by-step guide to execute JavaScript code by leveraging vulnerabilities in anchor href attributes.
Step-by-step resolution of the PortSwigger lab on DOM XSS using innerHTML sink with source location.search to execute malicious JavaScript code.
Learn how to exploit DOM XSS in document.write by escaping from an img element and executing JavaScript code through the search bar.
Step-by-step resolution of the PortSwigger lab on Stored XSS in HTML context without encoding, exploiting comments to execute malicious JavaScript code.
Step-by-step resolution of the PortSwigger lab on Reflected XSS in HTML context without encoding, exploiting the search bar to execute JavaScript code.
If you like the content and want to support the project, you can buy me a coffee. Your support helps keep the site active and create more quality content.
Buy me a coffeeThanks for your support 🙏