<aside> 💡 Manual technique is good but not efficient to exploit XSS in CMS especially when there are tons of vulnerabilities within myBB and its plugins, historically speaking.

</aside>

• Browsers executes everything sequentially
• XSS Payloads
• Common Targets for XSS

Introduction to XSS Attacks

• Introduction to Cross-Site Scripting (XSS)
• JavaScript Primer
• Lab: Anatomy of a Cross-Site Scripting Attack

Reflected XSS

• Lab: Exploiting Reflected XSS (Relevanssi plugin XSS (CVE-2018-9034)) Vulnerabilities in WordPress
• Lab: Cookie Stealing Via Reflected XSS

Stored XSS

• Lab: ApPHP MicroBlog - Outdated forum vulnerability
• Lab: MyBB Forum - Downloads Plugin vulnerability

DOM-Based XSS

• Lab: Exploiting DOM-Based XSS Vulnerabilities

XSS Tools

• Xsser
• Attacking POST Request
• Attacking GET Request