XSS HTTP Inject0r! ("little rabbit" version)
- 2014 -
GPLv3
Method (HTTP method): GET / POST
PoC: SandBoX (HTTP-GET)
-> Target: sandbox/search.php
-> Vuln.: search_text
-> Vector: ">
PoC: SandBoX (HTTP-POST)
-> Target: sandbox/search.php
-> Vuln.: search_text
-> Vector: ">
Target (URL to target's form): (ex: http://vulnsite.com/contact.php)
Vulnerability (Vulnerable parameter): (ex: contact_email)
Vector (Code prefix to inject): (ex: ">)
JS Alert
Cookie Popup
HTML Marquee
Cookie Grabbing
Defacement
Custom Script
Custom injection:
Grabbing URL: