2

Anyone have any info about unconventional ways to inject JavaScript into an external website? I'm trying to become more knowledgeable about security vulnerabilities in the web apps I build and I've been having a lot of fun trying this stuff out in other live sites haha. I've tried adding js code to text boxes, input fields, and the uri but nothing has been successful. I read something about modifying cookies I think...

Comments
  • 1
    Look it up on owasp , they should have some extensive info on those xss injections :) also developer console is your friend , tip#1 : uncover anything hidden .
  • 1
    In browser, does using the URL count? Like `javascript:alert("hello world");void(0);`
  • 0
    @adracea thanks! I'll report back any success I have hehe
  • 0
    @gummy yeah! Actually the best results I've seen have been from just inserting null into the URL. Seems to confuse the routing in most sites and cause a bunch of errors in the console. Looks like a good starting point haha
  • 0
    @adracea the owasp resources are great! thanks again!
  • 0
    @reduxtris No probs , just be careful and I suggest you start with owasp broken apps , or just get the webgoat in order to learn more about those things .
Add Comment