XSS (7)

Try It! Reflected XSS

Identify which field is susceptible to XSS

It is always a good practice to validate all input on the server-side. XSS can occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.

An easy way to find out if a field is vulnerable to an XSS attack is to use the alert() or console.log() methods. Use one of them to find out which field is vulnerable.

Solution

Think about how the inputs are presumably processed by the application. Quantity inputs are probably processed as integer values. Not the best option for inputting text right? What information send to the application gets reflected back after being submitted? Just try purchasing something. You want your script to be included in the purchase-confirmation.

Put <script>alert()</script> in the box Enter your credit card number.

PreviousXSS (2)NextXSS (10)

Last updated 3 years ago