- This topic has 3 replies, 2 voices, and was last updated 4 years, 6 months ago by Zaid Sabih.
- AuthorPosts
- April 10, 2020 at 9:11 am #33565basmeijerParticipant
Hi Zaid,
I have been looking around on multiple websites, even my own.
I find it hard to find vulns on https websides. Do you have any suggestion on how to find these vulns for these websites?Wordpress is a very famous website builder application. What are XSS vulns for wordpress build websites?
Finally: how can we input javascript into websites, so that that we hook these websites using beef of veil?
Thanks.
BasApril 10, 2020 at 3:15 pm #33583Zaid SabihModeratorHello Basmejer,
HTTPS does not protect websites from vulnerabilities, it just encrypts the communication.
Wordpres have been vulnerable to XSS a number of times before but the latest release does not have any public ones, also the plugins used on wordpress websites can introduce vulnerabilities.
As for hooking users to beef through XSS, that is covered in the course, did you get there yet?April 10, 2020 at 3:43 pm #33591basmeijerParticipantHello Zaid,
Yes, I am at the hooking users with Beef.
My challenge is finding the vulnerabilities in the url’s. It looks like a lot of websites do not have ‘xxx.php?=something” in the url.
Is this hidden?April 13, 2020 at 4:17 pm #33864Zaid SabihModeratorSo to discover vulnerabilities for all of the ones covered in this course you should test every possible method to pass data to the web server, so:
1. send data through input boxes.
2. Send data through file?var=DATA.
3. Interceptor requests using bird as shown earlier and passed data this way. - AuthorPosts
- You must be logged in to reply to this topic.