Welcome to Cycubix Docs

A3:2021 | Cross Site Scripting (XSS) (8) | Cycubix Docs

Self XSS or reflected XSS?

You should have been able to execute the script with the last example. At this point, it is considered 'self XSS,' though.

Why is that?

That is because no link triggers that XSS. You can try it yourself to see what happens … go to:

Click on the link given on WebGoat and you will see the following:

WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111

PreviousA3:2021 | Cross Site Scripting (XSS) (7) | Cycubix Docs NextA3:2021 | Cross Site Scripting (XSS) (9) | Cycubix Docs

Last updated 5 months ago