Quote:(02-21-2021, 08:53 PM)SCARIO Wrote:

[To see links please register here]

as if the list repeats the same

[To see links please register here]

Quote:(05-23-2021, 01:55 PM)DedSpace Wrote:

[To see links please register here]

What's going on in all of those scripts is making a little alert box pop up saying "123", "XSS" etc. there is no actual exploit there. Those are useful however for when you do find an actual XSS vulnerability, to test if the page actually is vulnerable.

If you want to do any XSS exploitation, you need to learn Javascript. In your browser, right click on something in this page then click "Inspect Element". You should now have a little section in the bottom or side of your browser with the HTML of this webpage. Now select "Console" tab in the section where the code is. Now type in:

Hidden Content

And press enter. You should see a little box pop up saying "Hello, World!". Writing JS into the console will only affect your own browser, so is of no use for XSS, but I just thought you should see JS in action before learning about XSS.

Cross Site Scripting (XSS) is when you are able to inject javascript into the webpage, usually through some user input field which can also be set in a GET request in the URL. So if there was a website which sends your input through a GET request which was also vulnerable to XSS like a search box or something, you would put your malicious script in the search box (with "<script>" tags), and then the script would be a part of the HTML and would execute when loaded in your browser. So if the GET request was in the URL, you could copy the URL and send it to a victim and the script would run in their browser.