XSS
Cross-Site Scripting is a web attack in which an attacker may be able to inject malicious JavaScript code into a page for the attacker's own benefit, for example:
Stealing cookies of the current user
Places to check for XSS
All fields in the form submission
User-Agent
Referer header
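Headers such as User-Agent and Referer are as attacker-controlled as form fields and often end up in log or admin views. The following is an added example, not code from the original page: it renders all three input sources with and without HTML encoding and reports which ones come back unencoded. All function names and the sample request are hypothetical and constructed for illustration.

```javascript
// Added example; function and field names here are hypothetical.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value ?? '').replace(/[&<>"']/g, (ch) => map[ch]);
}

// Collect every request-derived value the list above names as a place to check.
function untrustedInputs(req) {
  return {
    ...req.body, // all fields in the form submission
    'User-Agent': req.headers['user-agent'],
    'Referer': req.headers['referer'],
  };
}

// Vulnerable: values are concatenated into markup as-is.
function renderRowsUnsafe(req) {
  return Object.entries(untrustedInputs(req))
    .map(([k, v]) => `<tr><td>${k}</td><td>${v}</td></tr>`)
    .join('\n');
}

// Hardened: both name and value are encoded for the HTML context.
function renderRowsSafe(req) {
  return Object.entries(untrustedInputs(req))
    .map(([k, v]) => `<tr><td>${escapeHtml(k)}</td><td>${escapeHtml(v)}</td></tr>`)
    .join('\n');
}

// Audit helper: report which inputs appear in the output unencoded.
function reflectedUnencoded(req, html) {
  return Object.entries(untrustedInputs(req))
    .filter(([, v]) => /[<>"']/.test(String(v ?? '')) && html.includes(String(v)))
    .map(([k]) => k);
}

// Constructed sample request with a harmless marker in each location.
const sampleRequest = {
  body: { comment: '<script>alert(1)</script>', name: 'alice' },
  headers: {
    'user-agent': 'Mozilla/5.0 "><script>alert(2)</script>',
    'referer': "https://example.test/?q=<img src=x onerror='alert(3)'>",
  },
};

console.log(reflectedUnencoded(sampleRequest, renderRowsUnsafe(sampleRequest)));
console.log(reflectedUnencoded(sampleRequest, renderRowsSafe(sampleRequest)));
```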
XSS to CSRF
Create requests with XMLHttpRequest() to request a webpage
With the content of the requested webpage stored in the variable resp1, it can be sent to the attacker's machine with another request made from JavaScript.