A3:2021 | Cross Site Scripting (XSS) (7) | Cycubix Docs

Try It! Reflected XSS

Identify which field is susceptible to XSS

It is always a good practice to validate all input on the server-side. XSS can occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.

An easy way to find out if a field is vulnerable to an XSS attack is to use the alert() or console.log() methods. Use one of them to find out which field is vulnerable.

Solution

The hint provided says "Think about how the inputs are presumably processed by the application.".
We can start by positioning in the field of credit card number. Select inspect to open developer tools.
Paste after the credit card number the following script:

<script>alert(2)</script>

What information send to the application gets reflected back after being submitted?

Your purchase will be completed as follow:

PreviousA3:2021 | Cross Site Scripting (XSS) (6) | Cycubix Docs NextA3:2021 | Cross Site Scripting (XSS) (8) | Cycubix Docs

Last updated 4 months ago