Reflected XSS
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Exploitation
This webapp takes in a user's firstname and lastname and then displays a welcome message on the page.
Let’s enter firstname as exploit and lastname as target.
We got a text saying welcome exploit target. Since it was reflecting our inputs back, it might be vulnerable to XSS injection. We can further inspect the page.
Let’s inject this XSS payload <a href=javascript:alert(1)>Click</a> in the firstname field and see if we can get an alert box.
As you can see, the link has appeared on the page. We will click on the link.
Well, we got an alert box.
Mitigations
- Use HTML entity encoding on every user-supplied value before it is written into the response.
- Use Content Security Policy (CSP) so that injected scripts and javascript: links are not executed even if encoding is missed.
- Set the HttpOnly flag for cookies so that script running in the page cannot read the session cookie.
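To make the reflection step and the three mitigations concrete, here is an added example that is not the lab's own code: a constructed stand-in for the welcome page rendered once without encoding and once with HTML entity encoding, a small parser-based check that reports any tag the template itself never emits (which is how a defender can confirm whether input came back as markup), and constructed response headers for the CSP and HttpOnly mitigations. The template, the EXPECTED_TAGS set, the header values and the cookie name are assumptions; the payload is the one used on this page.

```python
import html
import secrets
from html.parser import HTMLParser

# Constructed stand-in for the lab's welcome page (assumption: the real app is not shown).
PAGE_TEMPLATE = "<html><body><p>Welcome {first} {last}</p></body></html>"
# Tags the template is allowed to produce on its own (assumption).
EXPECTED_TAGS = {"html", "body", "p"}

# The payload used in the walkthrough above.
PAYLOAD = "<a href=javascript:alert(1)>Click</a>"


def render_welcome_vulnerable(first, last):
    """Reflects both fields verbatim, so any markup in them becomes live HTML."""
    return PAGE_TEMPLATE.format(first=first, last=last)


def render_welcome_safe(first, last):
    """HTML-entity-encodes each field before it is placed in the response body."""
    return PAGE_TEMPLATE.format(
        first=html.escape(first, quote=True),
        last=html.escape(last, quote=True),
    )


class _TagCollector(HTMLParser):
    """Records every start tag a browser would see in a rendered body."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def injected_tags(body):
    """Return (tag, attrs) pairs present in the response that the template
    never emits. A non-empty result means user input was reflected as markup."""
    parser = _TagCollector()
    parser.feed(body)
    parser.close()
    return [(tag, attrs) for tag, attrs in parser.tags if tag not in EXPECTED_TAGS]


def security_headers(nonce):
    """Response headers for the other two mitigations (constructed values).
    A script-src without 'unsafe-inline' also refuses javascript: URLs, so a
    reflected <a href=javascript:...> link does nothing when clicked."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"
        ),
        # HttpOnly keeps document.cookie from exposing the session cookie to script.
        "Set-Cookie": "session=PLACEHOLDER; HttpOnly; Secure; SameSite=Lax",
    }


if __name__ == "__main__":
    # One fresh nonce per response; the same value goes on the page's own <script> tags.
    nonce = secrets.token_urlsafe(16)
    for name, render in (("vulnerable", render_welcome_vulnerable),
                         ("safe", render_welcome_safe)):
        body = render(PAYLOAD, "target")
        print(f"{name}: {body}")
        print(f"  injected tags: {injected_tags(body)}")
    for header, value in security_headers(nonce).items():
        print(f"{header}: {value}")
```

Running the script shows the vulnerable rendering carrying a live <a> tag with an href of javascript:alert(1), while the encoded rendering contains only the text &lt;a href=javascript:alert(1)&gt;Click&lt;/a&gt; and the tag check returns nothing. The encoding is the primary fix; CSP and HttpOnly limit what a missed encoding can achieve rather than replacing it.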