Tutorial covering blind or out-of-band XSS vulnerabilities and how to exploit them.

Finding Your Next Bug: Blind Cross Site Scripting (XSS) & XSS Hunter.

The script allows you to take 'screenshots' of webpages, or parts of them, directly in the user's browser.

This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters, for those wishing to build an HTML whitelist system, as well as for other uses.

DomGoat is a DOM Security learning platform written by Lavakumar Kuppan (from IronWASP security) with different levels, each level targeting different sources and sinks.

From 4 sources to 3 sinks in DOM XSS - DomGoat level 1-10 (all levels) writeup.

SELECT id FROM Users WHERE username = 'admin' or 1=1 -- AND password = 'request.password'

For example, if a user enters admin' or 1=1 -- as the username, he/she will bypass the login form without providing a valid username/password combination.