Hi Zaid,
I have been looking around on multiple websites, even my own.
I find it hard to find vulns on HTTPS websites. Do you have any suggestions on how to find these vulns for these websites?
WordPress is a very famous website builder application. What are XSS vulns for WordPress-built websites?
Finally: how can we input JavaScript into websites, so that we hook these websites using BeEF or Veil?
Thanks.
Bas
Hello Basmejer,
HTTPS does not protect websites from vulnerabilities; it just encrypts the communication.
WordPress has been vulnerable to XSS a number of times before, but the latest release does not have any public ones. Also, the plugins used on WordPress websites can introduce vulnerabilities.
As for hooking users to BeEF through XSS, that is covered in the course. Did you get there yet?
Hello Zaid,
Yes, I am at the hooking users with BeEF.
My challenge is finding the vulnerabilities in the URLs. It looks like a lot of websites do not have 'xxx.php?=something' in the URL.
Is this hidden?
So to discover vulnerabilities for all of the ones covered in this course you should test every possible method to pass data to the web server, so:
1. Send data through input boxes.
2. Send data through file?var=DATA.
3. Intercept requests using Burp as shown earlier and pass data this way.
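
Added example (not part of the thread or the course material): a small inventory of every client-controlled value in one HTTP request, the list a site owner needs in order to confirm that each value is validated and output-encoded. The request, host name, field names and the `REFLECTED_HEADERS` list are constructed assumptions; the URL deliberately has no `?var=` part, yet the body, cookies and headers still carry input.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request: no query string in the URL, but the client
# still controls the form body (including form_id), cookies and headers.
SAMPLE_REQUEST = (
    "POST /contact HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Referer: https://shop.example/products\r\n"
    "Cookie: lang=en; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "name=Bas&message=hello&form_id=7"
)

# Assumption for this example: headers an application might echo into
# pages or logs. Adjust to what your own application actually reads.
REFLECTED_HEADERS = {"user-agent", "referer", "x-forwarded-for"}


def client_inputs(raw):
    """Return (source, name, value) for every client-controlled input."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # 1) URL query parameters (the file?var=DATA case)
    found = [("query", k, v) for k, v in
             parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    # 2) Form fields sent in the body (input boxes and hidden fields)
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        found += [("body", k, v) for k, v in
                  parse_qsl(body, keep_blank_values=True)]
    # 3) Values only visible when looking at the raw request
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    found += [("cookie", k, m.value) for k, m in cookies.items()]
    found += [("header", h, headers[h]) for h in sorted(REFLECTED_HEADERS)
              if h in headers]
    return found


if __name__ == "__main__":
    for source, name, value in client_inputs(SAMPLE_REQUEST):
        print(f"{source:7} {name:12} {value}")
```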