You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Title: Reflected Cross Site Scripting Fixable: no fix available Details:
## what is reflected XSS
Reflected XSS attacks occur when an attacker sends to it's victim a specially crafted link that includes a malicious script which reflects off of a web application to the victim’s browser.
## Example:
```js
app.get('/vuln/:name', (req,res) => {
res.send('Hello ' + req.params.name)
})
```
## Malicious Payload
`?`name=<script>alert(1)<script>
So in the request will be evaluated as following
```
GET /vuln/%3Cscript%3E+alert%281%29+%3C%2Fscript%3E HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Connection: close
Upgrade-Insecure-Requests: 1
Reply
HTTP/1.1 200 OK
Server: Apache/2
Connection: close
Content-Type: text/html;charset=utf-8
<pre>Hello <script>alert(1)<script></pre>
```
and that will execute the script on the browser directly , giving the attacker a wide access to any thing the javascript has access to
ex: cookies, local storage , making ajax requests, websockets ..etc
more info , see [here](https://shieldfy.io/security-wiki/cross-site-scripting/reflected-xss/)
refrence id:342015783168423856
What do you want me to do next? @shieldfy ignore ?
The text was updated successfully, but these errors were encountered:
Title: Reflected Cross Site Scripting
Fixable: no fix available
Details:
refrence id:342015783168423856
What do you want me to do next?
@shieldfy ignore?The text was updated successfully, but these errors were encountered: