XSS Example
Consider a web application that takes a name string from the user via the name parameter on the query string:
http://w3wiki.org/aform.html?name=Gaurav
The web server wants to display the value of name, as supplied by the user, on the HTML page. In this case, PHP is used to read the value from the URL and generate the resulting HTML:
<?php echo 'You Searched: ' . $_GET["name"]; ?>
A malicious URL can thus be crafted so that, if a victim clicks on it, the script it carries is executed by the victim's browser and can send the victim's session values to the attacker:
http://w3wiki.org/aform.html?name=<script>alert('XSS by Gaurav on w3wiki');</script>
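As an added example (not code from the original article), the same lookup with the output encoded for the HTML body context, so the payload above is rendered as text rather than executed; render_search is a hypothetical helper name chosen here:

```php
<?php
// Added example: hardened version of the article's snippet.
// render_search() returns the HTML fragment instead of echoing it directly,
// so the same function can be exercised from the CLI below.
function render_search(string $name): string
{
    // Output context is HTML body text: encode &, <, >, " and ' so that
    // whatever the user supplied is shown literally and never parsed as markup.
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return 'You Searched: ' . $safe;
}

if (PHP_SAPI !== 'cli') {
    // Web request: same name parameter as the article, empty string if absent.
    header('Content-Type: text/html; charset=UTF-8');
    echo render_search($_GET['name'] ?? '');
    exit;
}

// CLI demonstration using the payload from the article (constructed input).
$payload = "<script>alert('XSS by Gaurav on w3wiki');</script>";
$html = render_search($payload);
echo $html, PHP_EOL;

// Self-check: no raw tag delimiters or quotes survive encoding.
assert(strpos($html, '<') === false && strpos($html, "'") === false);
```

Encoding must match the output context; a value placed inside a JavaScript block or an attribute needs a different encoder than the HTML-body case shown here.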
XSpear – Powerful XSS Scanning And Parameter Analysis Tool
Cross-Site Scripting (XSS) is a vulnerability listed in the OWASP Top 10. XSS involves arbitrary JavaScript code that can compromise the internal architecture of the application. An attacker passes a malicious code snippet with the intention of stealing data or damaging the system. This malicious string is passed to the server through various means such as input fields, parameters, or even an uploaded file. In this flaw, the web application generates its output from user input, which becomes risky when that input is itself dangerous.