
How to analyze reflected XSS

PHPz
2023-06-03 12:09:12

1 Test environment introduction

The test environment is the DVWA module in the OWASP environment.

2 Test description

XSS, also called CSS (Cross Site Script), is a cross-site scripting attack. An attacker inserts malicious HTML code into a Web page; when a user browses the page, the HTML code embedded in it is executed, serving the attacker's purpose, such as obtaining the user's cookie, navigating to malicious websites, carrying attacks and more. An attacker could exploit this vulnerability to hijack the session of an authenticated user. After hijacking an authenticated session, the attacker has all the permissions of that authorized user.

3 Test steps

Enter the following JavaScript code in the input box:

<script>alert(/xxshack/)</script>


After clicking the submit button, a dialog box pops up. This indicates that the website does not filter scripts in the submitted input, which results in a cross-site scripting vulnerability.
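
The missing filtering described above, shown as a vulnerable handler next to a hardened one that encodes the value on output. This is an added example, not code from the original article or from DVWA; the function names and the "name" parameter are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: reflects the "name" parameter into HTML unchanged.
// This reproduces the behaviour observed in the test steps above.
function render_vulnerable(array $query): string
{
    $name = $query['name'] ?? '';
    return '<pre>Hello ' . $name . '</pre>';
}

// Hardened handler: encode the value for the HTML context at output time.
// ENT_QUOTES also encodes ' and ", so the value stays inert if it is later
// moved into a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function render_hardened(array $query): string
{
    $name = $query['name'] ?? '';
    if (!is_string($name)) {
        $name = ''; // name[]=x arrives as an array; treat it as empty
    }
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre>Hello ' . $safe . '</pre>';
}

// Constructed request carrying the test string from step 3.
$query = ['name' => '<script>alert(/xxshack/)</script>'];

$before = render_vulnerable($query);
$after  = render_hardened($query);

// The vulnerable output must contain a live <script> element; the hardened
// output must contain only the entity-encoded text of the same input.
$encoded = '&lt;script&gt;alert(/xxshack/)&lt;/script&gt;';
if (strpos($before, '<script>') === false
    || strpos($after, '<script>') !== false
    || strpos($after, $encoded) === false) {
    throw new RuntimeException('unexpected rendering');
}

echo "vulnerable: $before\n";
echo "hardened:   $after\n";
```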


Statement:
This article is reproduced from yisu.com. If there is any infringement, please contact admin@php.cn to have it deleted.