Reflected XSS Lab

Time: 1 hour 30 minutes
Difficulty: Intermediate

Overview

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 through Bunker Hill Community College.

Cross-site scripting (XSS) is a type of injection attack that exploits an application through injected code. These attacks take three forms: nonpersistent (reflected), persistent (stored), and DOM-based nonpersistent XSS. This lab concentrates on reflected XSS, a client-side attack in which all insertions occur only in the client-side file and the information is reflected back to the local user. Once the code is injected into the client-side page, all of the code's functionality is stored within the URL. Thus, just as with HTML injection (HTMLi), attackers can use social engineering tactics to entice users to click on malicious links in order to retrieve sensitive information.