XSSmh - Cross-Site Scripting
Input Sanitization:
Criteria for manipulating, escaping, or rejecting attack strings
Double-up Single Quotes:
Sanitization Level:
No sanitization
Accept Only Whitelisted Items
Case-Sensitively Reject Blacklisted Items
Case-Insensitively Reject Blacklisted Items
Backslash-Escape Blacklisted Items
Case-Sensitively Remove Blacklisted Items
Case-Insensitively Remove Blacklisted Items
Case-Insensitively and Repetitively Remove Blacklisted Items
Pattern matching style
Keywords
Regexes
Enter comma-separated keywords or regexes to whitelist or blacklist below.
Sanitization Parameters:
Environmental Settings:
Simulate transient application issues
Random Failure?
Random Time Delay?
Output Level:
Configure the verbosity of output received
Output Results:
All results
One result
Boolean (result vs no result)
No results
Error Verbosity:
Verbose error messages
Generic error messages
No error messages
Show payload in context?:
Injection Parameters:
Enter your attack string and point of injection
Injection String:
Injection Location:
Body
Attribute value (wrapped in single quotes)
Attribute value (wrapped in double quotes)
Attribute value (not wrapped in quotes)
Image URL
JavaScript
Custom HTML (*INJECT* specifies injection point):
Persistent?