Cross-Site Scripting

Cross-Site scripting - short "XSS" - is a very common hacking technique often used on older websites.
It can essentially lead to malfunctioning websites and stolen data aswell as huge leaks of private data.

TASK

  Below is a vulnerable XSS target. Think of the page as a simple search engine.
  Try to deface the search engine and embed a fake password login.

  9x0 Search Engine

INFORMATION

  The method of XSS is based on script injection.
  Commonly you will be using the GET parameter and HTML/JS injection.

  Example:

     Input "Banana" into a search box.
     The site will answer with "Here are possible Banana results".
     
     Now, if you instead input "<span style="color:red">Banana</span>" it will output "Here are possible Banana results".
     
     You can now inject different HTMl/JS code and see what results you get.

0x9 Pentesting Lab

Cross-Site Scripting

Cross-Site scripting - short "XSS" - is a very common hacking technique often used on older websites. It can essentially lead to malfunctioning websites and stolen data aswell as huge leaks of private data.

TASK

INFORMATION

Cross-Site scripting - short "XSS" - is a very common hacking technique often used on older websites.
It can essentially lead to malfunctioning websites and stolen data aswell as huge leaks of private data.