
XSS Detection and Exploitation

by @quochungto

Detect, exploit, and remediate cross-site scripting (XSS) vulnerabilities across all three varieties — reflected, stored, and DOM-based — in web applications...

When to Use
- Systematically find XSS vulnerabilities across all entry points of a web application
- Distinguish between reflected, stored, and DOM-based XSS and apply the correct detection method for each
- Construct payloads matched to the HTML context where input lands
- Bypass signature-based input filters, sanitization routines, and length limits
- Demonstrate real impact through session hijacking or other proof-of-concept exploits
- Provide developers with precise remediation guidance
This skill is framed for defensive and educational purposes. All techniques are to be performed only against systems you own or have explicit written authorization to test.
---
💡 Examples

Example 1: Reflected XSS in an Error Page (Attribute Context)

Scenario: A penetration test of a retail web application. The error page at /error returns a message URL parameter verbatim inside an HTML attribute.

Trigger: While mapping the application, submitting test string myxsstest001 to the message parameter — source shows: . The reflection is inside a quoted attribute value.

Process:
1. Confirm context: reflection is inside value="..." of an tag
2. Initial payload to break out: "> — verify it appears unmodified in the response
3. Application blocks
3. Check admin log view — script executes
4. Application sanitizes
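
The attribute-context reflection in Example 1, as an added example that is not part of the original skill: a constructed renderer for the error page with and without attribute encoding, plus a small scanner that reports which HTML context the canary landed in, usable as a regression check for the fix. The `<input>` element, the `msg` field name and all function names are assumptions.

```javascript
// Added example (constructed): the <input> element, the "msg" field and all
// function names are assumptions, not taken from the skill.

// Encode characters that can close or restructure a quoted attribute value.
function escapeAttr(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// "Before": the message parameter is copied verbatim into value="...".
function renderErrorUnsafe(message) {
  return '<input type="hidden" name="msg" value="' + message + '">';
}

// "After": same template, attribute-encoded at the point of output.
function renderErrorSafe(message) {
  return '<input type="hidden" name="msg" value="' + escapeAttr(message) + '">';
}

// Report the HTML context in which the canary sits in a response body.
// Simplified scanner: ignores comments, <script> bodies and unquoted attributes.
function reflectionContext(html, canary) {
  const end = html.indexOf(canary);
  if (end < 0) return "absent";
  let state = "text";
  for (let i = 0; i < end; i++) {
    const c = html[i];
    if (state === "text") {
      if (c === "<") state = "tag";
    } else if (state === "tag") {
      if (c === ">") state = "text";
      else if (c === '"') state = "attr-dq";
      else if (c === "'") state = "attr-sq";
    } else if (state === "attr-dq") {
      if (c === '"') state = "tag";
    } else if (state === "attr-sq") {
      if (c === "'") state = "tag";
    }
  }
  return state;
}

// Constructed probe: the page's canary prefixed with the quote and bracket
// from step 2. "text" means the value escaped its attribute; "attr-dq" means
// it stayed inside the quoted value.
const CANARY = "myxsstest001";
const PROBE = '">' + CANARY;
console.log(reflectionContext(renderErrorUnsafe(PROBE), CANARY)); // text
console.log(reflectionContext(renderErrorSafe(PROBE), CANARY));   // attr-dq
```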