Submit Search
Upload
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
•
Download as PPTX, PDF
•
5 likes
•
10,299 views
Ajin Abraham
Follow
A Glimpse through V4 of OWASP Xenotix XSS Exploit Framework
Read less
Read more
Technology
Report
Share
Report
Share
1 of 6
Download now
Recommended
Website Research
Website Research
MattCheetham
Node JS reverse shell
Node JS reverse shell
Madhu Akula
How to find Zero day vulnerabilities
How to find Zero day vulnerabilities
Mohammed A. Imran
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
Xenotix XSS Exploit Framework: Clubhack 2012
Xenotix XSS Exploit Framework: Clubhack 2012
Ajin Abraham
Null Singapore 2015 accomplishments
Null Singapore 2015 accomplishments
Mohammed A. Imran
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
Ajin Abraham
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
Noppadol Songsakaew
Recommended
Website Research
Website Research
MattCheetham
Node JS reverse shell
Node JS reverse shell
Madhu Akula
How to find Zero day vulnerabilities
How to find Zero day vulnerabilities
Mohammed A. Imran
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
Xenotix XSS Exploit Framework: Clubhack 2012
Xenotix XSS Exploit Framework: Clubhack 2012
Ajin Abraham
Null Singapore 2015 accomplishments
Null Singapore 2015 accomplishments
Mohammed A. Imran
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013
Ajin Abraham
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
Noppadol Songsakaew
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
Ajin Abraham
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at Runtime
Ajin Abraham
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Ajin Abraham
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Ajin Abraham
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Ajin Abraham
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
Ajin Abraham
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Ajin Abraham
Abusing Google Apps and Data API: Google is My Command and Control Center
Abusing Google Apps and Data API: Google is My Command and Control Center
Ajin Abraham
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 Egghunter
Ajin Abraham
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Ajin Abraham
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Ajin Abraham
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Ajin Abraham
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Ajin Abraham
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-ons
Ajin Abraham
Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+
Ajin Abraham
Shellcoding in linux
Shellcoding in linux
Ajin Abraham
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
More Related Content
More from Ajin Abraham
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
Ajin Abraham
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at Runtime
Ajin Abraham
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Ajin Abraham
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Ajin Abraham
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Ajin Abraham
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
Ajin Abraham
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Ajin Abraham
Abusing Google Apps and Data API: Google is My Command and Control Center
Abusing Google Apps and Data API: Google is My Command and Control Center
Ajin Abraham
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 Egghunter
Ajin Abraham
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Ajin Abraham
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Ajin Abraham
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Ajin Abraham
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Ajin Abraham
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-ons
Ajin Abraham
Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+
Ajin Abraham
Shellcoding in linux
Shellcoding in linux
Ajin Abraham
More from Ajin Abraham
(20)
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at Runtime
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains
Abusing Google Apps and Data API: Google is My Command and Control Center
Abusing Google Apps and Data API: Google is My Command and Control Center
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Exploit Research and Development Megaprimer: Buffer overflow for beginners
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-ons
Wi-Fi Security with Wi-Fi P+
Wi-Fi Security with Wi-Fi P+
Shellcoding in linux
Shellcoding in linux
Recently uploaded
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Hervé Boutemy
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
null - The Open Security Community
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
SeasiaInfotech2
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Padma Pradeep
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Fwdays
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
Zilliz
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Recently uploaded
(20)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013
1.
2.
• • • •
3.
START
4.
Xenotix HTTP Web
Shell Proxy Web Server ATTACKER VICTIM GET http://facebook.com Serve the JavaScript File Facebook.com HTML page contents FB’s Server
5.
SO.... Never Under Estimate the
Power of XSS
6.
ajinabrahamofficial ajinabrahamofficial ajinabraham ajinabraham ajin.abraham@owasp.org
Download now