ezXSS: Test Blind Cross Site Scripting

  • 0
Blind Cross Site Scripting

ezXSS: Test Blind Cross Site Scripting

Category : Blog

Blind Cross Site Scripting

Blind cross site scripting (BXSS) is a variation of stored XSS, where the injection point and the execution point are different. It’s harder to find and certainly requires a different methodology than testing for stored (non-blind), reflected, or even DOM-based XSS.

Typically, with stored Blind cross site scripting, the payload is executed on the same page it was injected in.

Blind Cross Site Scripting

ezXSS: Test Blind Cross Site Scripting

ezXSS is an easy way to test blind Cross Site Scripting.

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application. XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

ezXSS

Features of ezXSS:

  • Easy to use dashboard with statics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on the payload
  • Custom javascript for extra testing
  • Prevent double payloads from saving or alerting
  • Share reports with other ezXSS users
  • Easily manage and view reports in the system
  • Search for reports in no time
  • Secure your system account with extra protection (2FA)
  • The following information is collected on a vulnerable page:
  • The URL of the page
  • IP Address
  • Any page referer (or share referer)
  • The User-Agent
  • All Non-HTTP-Only Cookies
  • Full HTML DOM source of the page
  • Page origin
  • Time of execution
  • its just ez

Payload

Required

  • PHP 5.5 or up
  • A domain name (consider a short one)
  • An SSL if you want to test on https websites (consider Cloudflare or Let’s Encrypt for a free SSL)

SSL

Blind Cross site Scripting (XSS) Vulnerability Detection

One of the major features that XSS Hunter offers is the ability to find blind XSS. This is a vulnerability where an XSS payload fires in another user’s browser (such as an administrative panel, support system, or logging application) which you cannot “see” (e.g. it does not fire in your browser). XSS Hunter addresses this by recording extensive information about each payload fire in its database.

XSS

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training

Cybersecurity services that can protect your company:

 

Web Security | Web Penetration Testing

Network Penetration Tester – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 


Leave a Reply

Show Buttons
Hide Buttons