XSS

WordPress Security: XSS – Session Hijacking

In Practical Scenarios for XSS Attacks, we learned that XSS can lead to multiple attack scenarios. Today, we will look in detail at how AppCalcium for WordPress Security works. We will use one real-world WordPress plugin vulnerability (https://cxsecurity.com/ascii/WLB-2019090152) to study how AppCalcium for WordPress Security works proactively. Here are the steps showing how the vulnerability can be leveraged. …

Advanced Techniques to Bypass & Defeat XSS Filters, Part 2

Cross-site scripting can be one of the easiest vulnerabilities to discover, but to be successful with this type of attack, it is essential to learn how to get past filters. In the previous guide, we explored some ways to do this, such as abusing attributes and event handlers and tricking the application into accepting unusual characters. …

Advanced Techniques to Bypass & Defeat XSS Filters, Part 1

There is no shortage of defenses against cross-site scripting (XSS) since it is so prevalent on the web today. Filters are one of the most common implementations used to prevent this type of attack, usually configured as a blacklist of known bad expressions or based on regex evaluation. But there is hope with a wide variety of techniques that …
