dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content5b.adoc
Jason White feead6b740 initial cut on XSS, need to add some tests still
2017-05-18 14:41:14 -04:00

11 lines
529 B
Plaintext
Raw Blame History

== Self XSS or Reflected XSS?
You should have been able to execute script with the last example. At this point, it would be considered 'self XSS' though.
Why is that?
That is because there is no link that would tigger that XSS.
You can try it yourself to see what happens ... go to (substitute localhost with your server's name or IP if you need to):
link: http://localhost:8080/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my javascript here')</script>4128+3214+0002+1999&field2=111
Reference in New Issue View Git Blame Copy Permalink