
Reflective XSS



  • The website reflects user-supplied data directly back to the user
  • Example
    • The user enters text in a search bar
    • The server returns dynamic feedback: "You searched: ..."
    • The browser renders the text
    • If the text contains a script, the browser executes it
"You searched: <script>alert("Hello World")</script>"

Exploit

  • Add the script as a parameter in the URL and make the victim click the link (phishing)
  • The link looks correct and the certificate is also correct, because the request goes to the real website

Unencoded URL example

http://vulnerable-website.com/search?query=<script>alert('XSS')</script>
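
The reflection described above, as an added example that is not part of the original notes: a hypothetical search handler that echoes the `query` parameter unchanged, next to one that HTML-encodes it on output, with a parser-based check of what the browser would treat as a script element. The function names are assumptions; the URL is the one from these notes.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, quote

# URL taken from the notes; the handler functions below are hypothetical.
PAGE_URL = "http://vulnerable-website.com/search?query=<script>alert('XSS')</script>"

def query_from_url(url):
    """Return the decoded 'query' parameter, as a web framework would hand it over."""
    params = parse_qs(urlsplit(url).query)
    return params.get("query", [""])[0]

def render_vulnerable(query):
    # Reflects the parameter into HTML unchanged: markup in it becomes markup.
    return "<p>You searched: " + query + "</p>"

def render_escaped(query):
    # Output encoding for an HTML text node: < > & " ' become entities,
    # so the browser displays them as text instead of parsing them.
    return "<p>You searched: " + escape(query, quote=True) + "</p>"

class _ScriptCounter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def script_elements(html_text):
    """Count <script> elements an HTML parser sees in the response body."""
    counter = _ScriptCounter()
    counter.feed(html_text)
    counter.close()
    return counter.scripts

if __name__ == "__main__":
    # The percent-encoded form of the same link decodes to the identical parameter.
    encoded_url = ("http://vulnerable-website.com/search?query="
                   + quote("<script>alert('XSS')</script>"))
    for url in (PAGE_URL, encoded_url):
        q = query_from_url(url)
        print(script_elements(render_vulnerable(q)), script_elements(render_escaped(q)))
```

Encoding at output time, for the context the value lands in, is what removes the script element; percent-encoding in the URL changes nothing because the server decodes it before reflecting.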
