Feed
Discussions

XSS

XSS

#xss

23 followers·89 articles

XSS

#xss·23 followers·89 articles

XSS

Changelog

New steps component and improved accessibility on Hashnode's blog and docs product.

Nov 05, 2024·

new

Trending Articles

STON.fi & Symbiosis: The Future of Cross-Chain DeFi

IKOABASI UWEM UMOANWAN·55 reads

🚀 STON.fi x Symbiosis: Swapping Just Got a Whole Lot Easier!

VANCE 💎·40 reads

STON.fi x TapSwap: A Game-Changer for DeFi Traders

IKOABASI UWEM UMOANWAN·28 reads

Top commenters this week

Writing Challenges

#2Articles1Week Challenge

Become better at technical writing; accept Hashnode's writing challenge for four weeks.

#2Articles1Week Challenge

#WomenWhoTech

Share your story, achievements, or experiences as a woman, non-binary folk in tech or as a #WomenWhoTech ally!

#WomenWhoTech

Self Starter

Publish your first article on Hashnode and become a self starter!

Self Starter

Serial Blogger

Publish an article every day for 7 days and earn a cool serial blogger badge!

Serial Blogger

Talk of the town

Write a story that drives amazing engagement on Hashnode and become the talk of the town!

Talk of the town

Word Warrior

Write an in-depth article on your Hashnode blog that's more than 2000 words and become a word warrior!

Word Warrior

Shreyash Shukla

Shreyash Shukla

Vinayak Mishra

max

Poonam Thakur

Ugochukwu Ifeanyi

Ugochukwu Ifeanyi

J3bitok

jebitok.hashnode.dev·Feb 15, 2025

Feb 15, 2025

Introduction to Web Hacking: Intro to Cross-site Scripting (TryHackMe)

This article will cover the Intro to Cross-site Scripting write-up under the Web Fundamentals on THM. Room Brief Prerequisites:It's worth noting that because XSS is based on JavaScript, it would be helpful to have a basic understanding of the languag...

Introduction to Web Hacking: Intro to Cross-site Scripting (TryHackMe)

Discuss·2 reads

Larry D'Jean Art

Larry D'Jean Art

harrypage.hashnode.dev·Feb 05, 2025

Feb 05, 2025

XSS in React: Understanding Vulnerable Functions and Security Risks

Although React is designed with security in mind, it does not eliminate XSS (Cross-Site Scripting) vulnerabilities entirely. Developers can still introduce security issues if they improperly handle user input. Below are the most common vulnerable fun...

Discuss·7 reads

Repl

n2l.team·Jan 06, 2025

Jan 06, 2025

Chrome Driver Exploitation with Headache - Final Web Challenge Writeup | CyberSentrix

At the end of 2024, my team and I, Cybersentrix, organized a CTF event aimed at high school students. This event featured two rounds: Qualifiers and Finals. In the Qualifiers, I contributed seven challenges spanning various categories: • 2 Web Challe...

Chrome Driver Exploitation with Headache - Final Web Challenge Writeup | CyberSentrix

Discuss·67 reads

Mihnea Octavian Manolache

Mihnea Octavian Manolache

mihnea.hashnode.dev·Dec 02, 2024

Dec 02, 2024

Keylogger.js - How to Exploit XSS Using Keylogging

LATER EDIT: I’ve added a working webhook on my personal website -https://www.mihnea.dev/keylogger-js In the ever-evolving landscape of cybersecurity, XSS still poses a significant threat to web applications. I myself have reported numerous XSS vulne...

Keylogger.js - How to Exploit XSS Using Keylogging

Discuss·50 reads

meydi

meydi.hashnode.dev·Nov 12, 2024

Nov 12, 2024

Master of XSS WAF Bypass - Part 1

Hello, I'm Meydi. I have been working in bug bounty for a year and a half, and over the past year, my main focus has been on client-side bugs and I have earned more than $25k in bounties through XSS In this part, my focus is on situations where you c...

Master of XSS WAF Bypass - Part 1

Discuss·35 likes·748 reads

Bhuwan Bhetwal

blog.bhuwanbhetwal.com.np·Nov 08, 2024

Nov 08, 2024

CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck)

Hello again, This blog explains how i chained a CSRF and XSS on a POST request. So, lets get straight into it. One day i was hunting on a private program and i could see most of hacker’s were reporting CSRF. Almost 5 reports out of 10 were them. Lo...

CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck)

Discuss·731 reads

Bhuwan Bhetwal

blog.bhuwanbhetwal.com.np·Nov 07, 2024

Nov 07, 2024

Breaking In: How RXSS and SQLi Can Lead to Full Account Takeover and Database Access

These vulnerabilities were Identified on one of the YesWeHack’s Private Program. I was hunting late night when i received an invitation from one of the Private Program. As they Were Interested on critical reports. I was looking for SQLi, Command Exec...

Breaking In: How RXSS and SQLi Can Lead to Full Account Takeover and Database Access

Discuss·2 likes·971 reads

Bhuwan Bhetwal

blog.bhuwanbhetwal.com.np·Nov 07, 2024

Nov 07, 2024

Adding Knoxnl (KNOXSS) to Burp

Open Burp > Extensions Install Piper Go to Piper > Context menu items Click on Add Button and Enter Name as “knoxnl” In the Add menu item dialog box, enter the Name as knoxnl and change the Can handle... drop down to HTTP requests only. Change b...

Adding Knoxnl (KNOXSS) to Burp

Discuss·83 reads

Prashanth Bodepu

Prashanth Bodepu

0xpb.hashnode.dev·Nov 05, 2024

Nov 05, 2024

Leek NFT challenge#0223 — Intigriti

Challenge Overview Challenge Link: https://challenge-0223.intigriti.io/ Challenge By: @x64pr0fessor This challenge demonstrates a potential Cross-Site Scripting (XSS) vulnerability by allowing image uploads with unvalidated metadata, which an att...

Discuss·1 read

monthlychallenge

Kuldeep Yadav

breachforce.net·Oct 17, 2024

Oct 17, 2024

Secure Your Node.js Applications: Top 10 Critical Vulnerabilities to Identify and Prevent Major Threats

Have you ever had one of those moments when you feel confident about the code you’ve written — until a VAPT (Vulnerability Assessment and Penetration Testing) team reviews it? Suddenly you’re faced with a sea of red flags and dire warnings. Words lik...

Secure Your Node.js Applications: Top 10 Critical Vulnerabilities to Identify and Prevent Major Threats

Discuss·174 reads