xss attack on a php page

An XSS attack is one in which the page allows allows users to inject script blocks into the rendered HTML. So, first you must figure out how to do that. For instance, if the input from the user gets displayed on the page and it isn’t html escaped then a user could do the following:

User enters :

<script>alert('testing');</script>

Following that, if when when viewing the page an alert is shown then the page is vulnerable to XSS.

Therefore if the user enters JavaScript as follows:

<script>window.location.href = "http://www.whatever.com";</script>

The user would be redirected.

Browse More Popular Posts

Leave a Comment