dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content13-off.adoc
Jason White feead6b740 initial cut on XSS, need to add some tests still
2017-05-18 14:41:14 -04:00

20 lines
618 B
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

== XSS Phishing Example
* A search page displays the search string
* Attacker types in:
** String to search”><script>alert(xss)</script><!—
** This will result in an xss alert dialog
* Attacker could create dynamic page content:
+
----
password<form><br><br><HR><H3>
This feature requires account login:</H3><br><br>
Enter Username:<br><input type="text" id="user“
name="user"><br>
Enter Password:<br><input type="password"
name = "pass"><br>
</form><br><br><HR>
----
*Attacker steals credentials and posts data to attacker site*
Reference in New Issue View Git Blame Copy Permalink