XSS in Host Header

Jul 15

--

XSS is everywhere

Check if the given host header is accepted and reflected in response

Given text in response

In this application its take host header and reflect in response. So I gave java script in host header.

Click show response in browser

Successfully java script is executed…

Jeyabalaji

Written by Jeyabalaji

Start with $ end in #

Recommended from Medium

Interesting XSS in dutch website

Kushal Shrestha

Interesting XSS in dutch website

Some months ago, I found an XSS vulnerability in one of the dutch website. It was a bit interesting for me and I really enjoyed researching…

3 min readSep 19

--

1

Finding DOM XSS in Javascript

Prince

Finding DOM XSS in Javascript

Hey Security folks, this article is for beginner or mid level so I will explain every possible single code.

4 min readJul 13

--

Lists

Best of The Writing Cooperative

67 stories73 saves

Medium Publications Accepting Story Submissions

154 stories727 saves

Staff Picks

457 stories305 saves

HTTP parameter pollution : Bug bounties [Server-Side ; Client-Side]

Falken Smaze

HTTP parameter pollution : Bug bounties [Server-Side ; Client-Side]

Join our Discord server for private learning material and like-minded individuals!

5 min readApr 29

--

Fuzzing APIs

Isu Momodu Abdulrauf

Fuzzing APIs

Fuzzing or Fuzz testing is an automated testing method where random, invalid, distorted, or unexpected input is given to an API Endpoint to…

8 min readSep 10

--

How I escalated HTML Injection to P3 vulnerability in the US Department of Education domain.

Prince Roy

How I escalated HTML Injection to P3 vulnerability in the US Department of Education domain.

3 min readSep 15

--

3

DOM-based XSS via DOM Invader

Wei Chen

DOM-based XSS via DOM Invader

Enable DOM invader.

5 min readSep 5

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams