Reflected XSS Lab
The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 through Bunker Hill Community College.

Cross-site scripting (XSS) is a type of injection attack that exploits an application through injected code. These attacks are performed in three ways: nonpersistent (reflected), persistent (stored), and DOM-based nonpersistent XSS. This lab concentrates on reflected XSS, a client-side attack in which all insertions occur only in the client-side page and the information is reflected back to the local user. Once the code is injected into the client-side page, all of the code's functionality is stored within the URL. Thus, just as with HTML injection (HTMLi), attackers can use social engineering tactics to entice users to click on malicious links in order to retrieve sensitive information.
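
The reflection described above, shown next to its output-encoded fix. This is an added example, not part of the original lab. The lab.example host, the q parameter, the page template and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample links for a hypothetical search page; not from the lab.
BENIGN_URL = "http://lab.example/search?q=network+security"
CRAFTED_URL = "http://lab.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

# Hypothetical page template; {term} is where the parameter is reflected.
PAGE = "<html><body><p>Results for: {term}</p></body></html>"


def query_term(url):
    """Return the decoded 'q' parameter of the URL (empty string if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_vulnerable(url):
    """Reflects the parameter into the HTML unchanged: markup carried in the
    URL becomes markup in the page, which is the reflected XSS condition."""
    return PAGE.format(term=query_term(url))


def render_hardened(url):
    """HTML-encodes the parameter for an element-content context, so the
    browser displays it as text instead of parsing it as tags."""
    return PAGE.format(term=html.escape(query_term(url), quote=True))


def reflects_markup(url, renderer):
    """Defender's check: does a '<' sent in the URL come back unencoded?"""
    term = query_term(url)
    return "<" in term and term in renderer(url)


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable),
                           ("hardened", render_hardened)):
        for url in (BENIGN_URL, CRAFTED_URL):
            print(name, reflects_markup(url, renderer), renderer(url))
```

Nothing is stored on the server in either case: the whole payload travels in the link, which is why the attack depends on getting a user to open it.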