ahmad-ubaidillah/Cross-Site Scripting and HTML Injection Testing

Cross-Site Scripting and HTML Injection Testing

Purpose

Execute comprehensive client-side injection vulnerability assessments on web applications to identify XSS and HTML injection flaws, demonstrate exploitation techniques for session hijacking and credential theft, and validate input sanitization and output encoding mechanisms. This skill enables systematic detection and exploitation across stored, reflected, and DOM-based attack vectors.

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Access

2. Technical Requirements

3. Legal Prerequisites

4. Phase 1: Vulnerability Detection

5. Phase 2: Stored XSS Exploitation

6. Phase 3: Reflected XSS Exploitation

7. Phase 4: DOM-Based XSS Exploitation

8. Phase 5: HTML Injection Techniques

9. Phase 6: Filter Bypass Techniques

10. XSS Detection Checklist

11. Common XSS Payloads

12. Cookie Theft Payload

13. Session Hijacking Template

14. Operational Boundaries

15. Technical Limitations

16. Legal and Ethical Requirements

17. Example 1: Stored XSS in Comment Section

18. Example 2: Reflected XSS via Search Parameter

19. Example 3: DOM-Based XSS via Hash Fragment

20. Example 4: CSP Bypass via JSONP Endpoint