Web For Pentesters – Cross Site Scripting Example 1


Hello friends and students, this is the first video of our series on the Web For Pentesters Virtual Penetration Testing Lab, and in this article I will be covering Example 1 from the virtual lab. It is a very simple and typical type of XSS.

Here are all the other examples of Cross Site Scripting.

Description:-

Cross-Site Scripting (XSS) attacks occur when:

  1. Data enters a Web application through an untrusted source, most frequently a web request.
  2. The data is included in dynamic content that is sent to a web user without being validated for malicious content.

The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site. – OWASP

Here is the example :-

http://[yourlab]/xss/example1.php?name=[Data]

What is happening here is that the data provided in the name parameter of the example is displayed in the web page exactly as it was sent, and the application does not verify what kind of data is being sent, so it leads to a Cross Site Scripting attack.

http://[yourlab]/xss/example1.php?name=

and this payload will show the domain in the alert box.
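
The missing output encoding described above, shown beside the corrected form. This is an added example, not the lab's source code: the `Hello` template and the function names are assumptions, and the sample inputs are constructed and inert.

```php
<?php
// Added example: models how example1.php is assumed to build its response.
// Function names and the "Hello" template are hypothetical, not the lab's code.

// Vulnerable form: the name parameter is concatenated into the HTML unchanged,
// so any markup in it becomes part of the page.
function render_vulnerable(string $name): string
{
    return "<html><body>Hello " . $name . "</body></html>";
}

// Hardened form: encode for the HTML context before output. ENT_QUOTES also
// encodes single quotes, which matters if the value ever lands in an attribute.
function render_fixed(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<html><body>Hello " . $safe . "</body></html>";
}

// Regression check: is a probe containing markup characters echoed back raw?
function reflects_raw_markup(string $response, string $probe): bool
{
    return strpbrk($probe, "<>\"'&") !== false
        && strpos($response, $probe) !== false;
}

// Constructed, inert probes: plain text, tags, quotes and an ampersand.
$samples = ['alice', '<i>probe-7f3a</i>', 'say "hi" or \'bye\'', 'Tom & Jerry'];

foreach ($samples as $input) {
    $v = reflects_raw_markup(render_vulnerable($input), $input);
    $f = reflects_raw_markup(render_fixed($input), $input);
    printf("%-20s vulnerable=%-3s fixed=%s\n",
        $input, $v ? 'RAW' : 'ok', $f ? 'RAW' : 'ok');
}

// In the page itself the fix is the same call at the point of output:
//   echo render_fixed($_GET['name'] ?? '');
```

Run from the command line with `php`, every probe that contains markup characters is reported as `RAW` for the vulnerable renderer and `ok` for the fixed one, which makes the loop usable as a regression check after patching.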

Here is the video of the example.

Thanks, and do tell us if you liked it. Please share it too, it really helps us.
