[TUT] Reflected XSS or Non-Persistent XSS

What is Non-Persistent XSS -->

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.
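The flaw described above, shown as a search-results renderer in its unsanitized form beside a hardened one. This is an added example, not code from the original post; the function names, the /search?q= URL and the sample requests are assumptions made up for illustration.

```javascript
// Added example: hypothetical search page renderers (names are assumptions).

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Unsanitized: the query is concatenated into the response as-is,
// so markup sent in the request becomes markup in the page.
function renderVulnerable(query) {
  return '<h1>Results for ' + query + '</h1>' +
         '<input name="q" value="' + query + '">';
}

// Hardened: every place the query is reflected is HTML-encoded first.
function renderSafe(query) {
  const q = escapeHtml(query);
  return '<h1>Results for ' + q + '</h1>' +
         '<input name="q" value="' + q + '">';
}

// Read the "q" parameter the way a server-side handler would (URL-decoded).
function queryFromUrl(url) {
  return new URL(url, 'http://example.test').searchParams.get('q') || '';
}

// Defender's check: does the response echo the query unencoded
// even though it contains HTML metacharacters?
function reflectsRaw(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Constructed sample requests: a plain search, a benign search with
// special characters, and the test string used in this tutorial.
const samples = [
  '/search?q=shoes',
  '/search?q=' + encodeURIComponent('Tom & "Jerry"'),
  '/search?q=' + encodeURIComponent('<script>alert("XSS by D@rk TruTH");</script>'),
];

for (const url of samples) {
  const q = queryFromUrl(url);
  console.log(JSON.stringify(q),
    '| unsanitized page reflects raw input:', reflectsRaw(renderVulnerable(q), q),
    '| hardened page reflects raw input:', reflectsRaw(renderSafe(q), q));
}
```

HTML entity encoding covers element text and quoted attribute values only; a value reflected inside a script block or a URL needs the encoding for that context instead.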

How to find Non-Persistent XSS in websites or web applications -->

Non-persistent XSS is mainly found in the search boxes of websites. So first you have to find the search box on a website. After finding the search box, we will try to enter some code into it.
For example, I will enter the following code into my example web application -->
<script>alert("XSS by D@rk TruTH");</script>
After entering this code I got a pop-up saying "XSS by D@rk TruTH", as in the image given below.

Dangers of Non-Persistent XSS -->

1. Cookie stealing
2. Phishing  
3. Iframe injection

Reviewed by Aditya Joshi on 00:53:00 Rating: 5
