I was testing a website and i have never seen that before, The site
is using an out dated version of Jquery 1.7.2 I surfed online and
found that it is vuln. to XSS and some where it was written its safe i
want to ask is it really vuln. and how to exploit it ?
Start with the vulnerability type. What is XSS, how does it work and why is it bad?
Then try figure out how to have the code execute any form of JS via the vuln.
A vulnerability of low with another vuln such as medium, combined could become a high vulnerability if chained.
It helps to to think like a someone that wants something. Frame the attack in terms of who the attacker may be:
Example,
1.I am a guy that wants to get into ex gfs facebook account.
2.My employer cheated me out of my bonus, I want more money, how do i get access to the bosses computer to increase my salary on the payroll system.
3. The data hosted by my company in the office has all our employee records, this data is valuable if sold on the dark web.
Picture the target, and imagine how they would get to it and what they would do with it once there.,
With XSS, Once you can call an alert or grab cookies and write them to console, you will start to understand how to chain these into valid attacks