

XSS on a Username input into a login page
XSS on a Username input into a login page #1
Hi, I know this is a noob question, but how do I set the URL for a non-persistent XSS on the USERNAME field of a login page?

the input is called "login_username"

I tried something like www.site.com/login.php?input#login_username=""/><script>alert("test")</script>" but it doesn't work.


RE: XSS on a Username input into a login page #2
Depends on the page; however, trying to put HTML in a URL will rarely work. Most username/password fields are loaded from a cookie, if there is one. To properly attack this, you might try hosting a page that creates a bad cookie, with the username & password in the cookie, then redirects to the vulnerable page. (I know it negates the point of an XSS if you have to send them to your page first, but hey, I couldn't think of anything else in these few minutes.)


RE: XSS on a Username input into a login page #3
Yeah, I can't understand how the search box works and this doesn't:
xxx.xx/index.php?search=
Sad


RE: XSS on a Username input into a login page #4
You need to understand how XSS works.

XSS works by returning the vulnerable code. Take a search page for instance, if you search for something and you receive something like "Here's your results for: search term" then this may be vulnerable. You then want to inject your JS code. Don't forget that not every website in the world is vulnerable.


RE: XSS on a Username input into a login page #5
Another, more secret-ish XSS attack would be, say, a shopping cart where you can add items via a ?id=x; however, this one isn't designed to reveal information, it's an attempt to try and get people to spend more money than what they originally intended.

Also, finding XSS attacks like the one you want is actually quite hard, unless you found an idiot who doesn't listen to what he's told, because every tutorial for web development ever made makes a note of it: if it contains user input, sanitize it. Rare cases such as, say, an "ID" for a blog post or a forum article are left unsanitized, because people don't expect anything but a number, and truth be told, I've done that several times....
