Friday, February 21, 2014

Web App Pentest - Part 5 XSS


In my previous article we have seen which are the different ways of fuzzing including suffix and prefix. We used those fuzzing techniques in order to find error messages in web application. Now as we know how to fuzz, we will use that skill to find XSS generally known as cross site scripting.

Testing For XSS

Without wasting much time, let us go to, Document viewer page under A3 Cross site scripting(XSS) module. In there are various method of exploiting XSS but first we will choose simple method which is HTTP attribute.