Neurohazard
Our democracy have been h4ck3d.

DOM XSS Lab Practice (sboxr)

wpadmin~April 6, 2019 /InfoSec

DOM XSS Lab Practice

Analyzing common DOM-based XSS using data-flow analysis.
https://sboxr.com/

Practice platform: DOM goat
https://domgo.at/cxss/intro

References

Automatically Discovering and Exploiting DOM-based XSS with Sboxr - Part 1
https://nosec.org/home/detail/2421.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1

Automatically Discovering and Exploiting DOM-based XSS with Sboxr - Part 2
https://nosec.org/home/detail/2426.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-2-3b5c494148e0

Automatically Discovering and Exploiting DOM-based XSS with Sboxr - Part 3
https://nosec.org/home/detail/2444.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-3-2ea910dfb429

https://stackoverflow.com/questions/5410745/how-can-i-get-a-list-of-the-items-stored-in-html-5-local-storage-from-javascript

https://domgo.at/cxss/example/6
