Cross site scripting (XSS) Vulnerability


Cross site scripting (XSS) Vulnerability

Hello Guys , Welcome to Infosec Zone today I gonna show you Cross site scripting vulnerability which is one of the most dangerous vulnerability and listed in owasp top 10 read carefully try and practice. In this tutorial we will cover Reflected Cross site scripting in GET Method and Post Method.

What is cross site scripting ( XSS )

XSS is a Type of attack in which an attacker inject a malicious script in website. XSS occur when use web application in the form of browser side script to different end users.

Malicious script can access any cookies, session, tokens or other sensitive information e.t.c. It is caused by insufficient input validations in server side as well as client side.

There are basic two types of XSS

  • Reflected cross site scripting XSS Attack (Non-Persistent)
  • Stored cross site scripting XSS Attack (Persistent)

Read their more information in OWASP official website

So lets start Practical…

Here I am using bWAPP on my localhost you can use this or DVWA. But I thinks that bWAPP is quite much better than DVWA.

So in this practical we use this payload

<img src=lol.png onerror=prompt(document.domain) />

first select xss vulnerability to attack and start.


<img src=lol.png onerror=prompt(document.domain) />

Just paste this payload in first name and last name and click go as a result you can see that our code is executed and got a popup.cross site scripting Xss

great we had successfully XSSED…. 🙂

The above XSS was GET method. Lets start Post Method for Post Method the requirement is hackbar Addon in firefox. install it if you don’t have and follow me step by step.

just click on post data in hackbar and type any thing in both field and load URL you will see some thing like this.

xss attack

in post data add the payload. see in below image and execute

xss post 2

yeah our code is executed…Keep learning.. 🙂 and share it







Author: Ahmed Raza Memon

I am 17 years old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer From the India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been Acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many More...

Leave a Reply