Lesson Plan Title: How to Perform Reflected Cross Site Scripting (XSS) Attacks
Concept / Topic To Teach:
It is always a good practice to validate all input on the server side. XSS can occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
General Goal(s):
For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.
Figure 1 Lesson 15
Solution:
Enter <script>alert('Bang!')</script> for the PIN value
Figure 2 Lesson 15 Completed
Solution by Erwin Geirnaert
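
Added example, not part of the original lesson or its solution: a Python sketch of why the PIN input above is reflected as script and how server-side validation plus output encoding stops it. The function names, the page template and the 3-8 digit PIN rule are assumptions made for illustration.

```python
import html
import re

# Assumption: the PIN field is numeric; the 3-8 digit rule is constructed here.
PIN_PATTERN = re.compile(r"[0-9]{3,8}")

# Constructed response template standing in for the lesson page.
PAGE = "<html><body><p>PIN entered: {pin}</p></body></html>"


def render_vulnerable(pin):
    """Reflects the raw parameter into the response: the flaw the lesson exercises."""
    return PAGE.format(pin=pin)


def render_hardened(pin):
    """Validate on the server first, then encode on output as a second layer."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Defence in depth: inline script is refused even if an encoding step is missed.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }
    if not PIN_PATTERN.fullmatch(pin):
        # Reject without echoing the offending value back to the browser.
        return 400, headers, PAGE.format(pin="invalid PIN")
    return 200, headers, PAGE.format(pin=html.escape(pin, quote=True))


def encode_only(value):
    """For free-text fields that cannot be allowlisted: encode for the HTML context."""
    return PAGE.format(pin=html.escape(value, quote=True))


if __name__ == "__main__":
    payload = "<script>alert('Bang!')</script>"  # the lesson's solution input
    print(render_vulnerable(payload))   # script tag reaches the browser intact
    print(render_hardened(payload))     # rejected with 400, value not echoed
    print(render_hardened("1234"))      # valid PIN rendered normally
    print(encode_only(payload))         # rendered as inert text
```

Allowlist validation is the primary control for a field with a known shape such as a PIN; output encoding is what protects fields where arbitrary text must be accepted.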