XSS

You can check an input field with these characters: [ < > ' " { } ; ]. If they come back without being removed or encoded, the field might be vulnerable to XSS.
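The check described above, as an added example that is not part of the original page: it tags each character with a marker, then reports whether a response reflected it raw, removed it, or encoded it. The marker `zqx` and the three renderers are constructed for illustration.

```javascript
// Added example: handlers and marker below are constructed for illustration.
const PROBE_CHARS = ['<', '>', "'", '"', '{', '}', ';'];

// Tag each character with an indexed marker so it can be located in the response.
function buildProbe(marker) {
  return PROBE_CHARS.map((ch, i) => `${marker}_${i}_${ch}`).join('') + `${marker}_end`;
}

// For each probe character, report how the response body reflected it.
function classifyReflection(body, marker) {
  const report = {};
  PROBE_CHARS.forEach((ch, i) => {
    const tag = `${marker}_${i}_`;
    const start = body.indexOf(tag);
    const from = start + tag.length;
    const end = start === -1 ? -1 : body.indexOf(`${marker}_`, from);
    if (end === -1) { report[ch] = 'not reflected'; return; }
    const seg = body.slice(from, end);
    // Unchanged -> raw, empty -> removed, anything else is treated as encoded.
    report[ch] = seg === ch ? 'raw' : seg === '' ? 'removed' : 'encoded';
  });
  return report;
}

// Output encoding for HTML text and quoted-attribute contexts.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Three hypothetical server-side renderers echoing a search term.
const renderRaw = (q) => `<p>Results for ${q}</p>`;
const renderStripped = (q) => `<p>Results for ${q.replace(/[<>]/g, '')}</p>`;
const renderEncoded = (q) => `<p>Results for ${encodeHtml(q)}</p>`;

const demoProbe = buildProbe('zqx');
for (const [name, render] of Object.entries({ renderRaw, renderStripped, renderEncoded })) {
  console.log(name, classifyReflection(render(demoProbe), 'zqx'));
}
```

Stripping only < and > still leaves both quote characters raw, which matters when the value lands inside an attribute. The characters { } ; come back raw even from the encoding renderer because HTML encoding leaves them alone; they only matter when the value lands in a script or template context.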

XSS Types

  • Stored XSS [Persistent XSS] occurs when the injection is stored and displayed to everyone.

  • Reflected XSS includes a payload from an outside source, like a link or request.

  • DOM-based XSS happens within the page's DOM.

Injection Methods

Iframe Injection

Example:

Every user who visits the site will send us a request!
