[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] XSS Fuzzer

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] XSS Fuzzer
From: Poyo VL via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Sat, 24 Nov 2018 12:46:50 +0000 (UTC)

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which 
generates XSS payloads based on user-defined vectors using multiple 
placeholders which are replaced with fuzzing lists.
It offers the possibility to just generate the payloads as plain-text or to 
execute them inside an iframe. Inside iframes, it is possible to send GET or 
POST requests from the browser to arbitrary URLs using generated payloads.
XSS Fuzzer is a generic tool that can be useful for multiple purposes, 
including:

- Finding new XSS vectors, for any browser- Testing XSS payloads on GET and 
POST parameters- Bypassing XSS Auditors in the browser- Bypassing web 
application firewalls- Exploiting HTML whitelist features
Website: https://xssfuzzer.com/ ;

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] It is not a vulnerability. It is a feature. A Zendesk customer? Act now!
Next by Date: [FD] CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1
Previous by thread: [FD] It is not a vulnerability. It is a feature. A Zendesk customer? Act now!
Next by thread: [FD] CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1
Index(es):
- Date
- Thread