
XSS Portswigger: Normal XSS (Reflected or Stored XSS) How It Works

Uploaded by

Ritik

XSS Portswigger

1. <script>alert(1)</script>
2. <script>alert(1)</script> -- Comment
3. DOM

Source – where we try XSS

Sink – where the input will be processed as tags

Reflected – goes to the server, and the XSS executes in the code

DOM – JavaScript DOM function, reflected in server
Normal XSS (Reflected or Stored XSS)
• How it works: The attack happens because the server-side code does not properly validate or sanitize user input.
• Where the problem occurs: On the server side.
• Example: If a website takes user input (like a search term) and immediately sends it back without sanitization, an attacker could insert a malicious script that the server sends to all users.

Example scenario:
o A search box takes user input and displays it on a results page.
o If the input is <script>alert('Hacked!');</script>, and the server does not sanitize it, the script is sent back and executed in the user's browser.
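The search-box scenario above, as an added example that is not part of the original notes: a server-side results renderer in its vulnerable form beside the fixed form that HTML-encodes the input before sending it back. The function names, the `q` query parameter and the CSP header value are assumptions made for illustration.

```javascript
// Added example (not from the original notes). All names are hypothetical.

// HTML-encode the five characters that can change the markup context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// VULNERABLE: the search term is concatenated into the page unchanged,
// so markup in the input becomes markup in the response.
function renderResultsVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// FIXED: the search term is encoded for the HTML body context first,
// so the browser displays it as text instead of parsing it as tags.
function renderResultsSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Handler in the shape used by Node's built-in http module (req, res).
// The Content-Security-Policy header is a second layer: with this policy
// the browser refuses inline <script> even if an encoding step is missed.
function handleSearch(req, res) {
  const url = new URL(req.url, 'http://localhost');
  const q = url.searchParams.get('q') || '';
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'",
  });
  res.end(renderResultsSafe(q));
}

// The input quoted in the notes, run through both renderers.
const samplePayload = "<script>alert('Hacked!');</script>";
console.log(renderResultsVulnerable(samplePayload));
console.log(renderResultsSafe(samplePayload));
```
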
