Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

Topic: XSS

Search Articles

Get the latest cybersecurity insights on LinkedIn or via RSS.

Search Articles

Filter by Topic

Filtering by: Topic: XSS

Blog December 19, 2017

Three Non Web-based XSS Injections

In this post guest blogger Alejandro Hernandez (nitr0us) writes about some interesting and fun XSS vectors which are not commonly seen.

# Alejandro # Cross-site Scripting # Hernandez # Injection # Non-web # XSS # nitr0usmx

Blog May 30, 2012

Cookie Stealing By Router Pharming (2Wire)

A multi-stage exploit that chains cross-site scripting, an information-disclosure magic URL, and a default-WEP password reset on 2Wire routers to poison DNS and harvest cookies from nearly any domain the victim visits.

# 2wire # Auth # Bypass # Cookie # Cross Site # Exploit # Forgery # Hijacking # Request # Router # Scripting # Session # XSS

Blog August 26, 2010

Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug

A walkthrough of combining a URL obfuscation bug in iframes with an older XSS in the Linksys WRT160N to silently enable remote administration, demonstrating a realistic drive-by attack against SOHO routers that still ship with default credentials.

# Basic Auth # Default password # HTTP # Iframe # Linksys # Routers # URL Obfuscation # WRT160n # XSS

Websec Cybersecurity Blog

Search Articles

Popular Topics

Follow Us

Three Non Web-based XSS Injections

Cookie Stealing By Router Pharming (2Wire)

Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug