Skip to content
/ Reflected-XSS-Vulnerability Public

This project demonstrates the identification and exploitation of a reflected cross-site scripting (XSS) vulnerability in a web application's search functionality.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GauravGhandat-23/Reflected-XSS-Vulnerability

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
Reflected-XSS-Vulnerability Project file.pdf
Reflected-XSS-Vulnerability Project file.pdf
 
 

Repository files navigation

Reflected-XSS-Vulnerability

This project demonstrates the identification and exploitation of a reflected cross-site scripting (XSS) vulnerability in a web application's search functionality.

Objectives

  • Understand and exploit reflected XSS vulnerabilities.
  • Provide mitigation recommendations to prevent such vulnerabilities.

Problem Statement

Reflected XSS into HTML context with nothing encoded. This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert() function.

Steps to Exploit

  1. Access the Web Application:

    • Open the web page containing the search functionality.

  2. Test the Search Field for Reflection:

    • Enter a test string (e.g., test) in the search field and observe if it is reflected on the page.

  3. Craft an XSS Payload:

    • Inject the following payload in the search field: 
      <script>alert(1)</script>

  4. Submit the Payload:

    • Submit the search form with the crafted payload.

  5. Observe the Result:

    • If the vulnerability exists, a popup with the number "1" will appear, confirming the XSS attack.

Mitigation Recommendations

  • Input Validation:
    • Validate all user inputs before processing or reflecting them in the application.
  • Output Encoding:
    • Apply proper encoding for untrusted data before rendering it on the page.
  • Content Security Policy (CSP):
    • Implement a CSP to restrict sources of executable scripts.
  • Use Security Libraries:
    • Utilize libraries like OWASP AntiSamy for automatic sanitization of inputs.

Files Included

  • Documentation:
    • Reflected-XSS-Vulnerability Project File: Detailed documentation of the project.
  • Sample Payloads:
    • Example payloads to test the vulnerability.

Conclusion

This project demonstrates the importance of secure input handling and provides practical insights into identifying and mitigating XSS vulnerabilities. By following secure coding practices, developers can significantly reduce the risk of such attacks.

Disclaimer

This project is for educational purposes only. Unauthorized testing on applications without permission is illegal and unethical.

About

This project demonstrates the identification and exploitation of a reflected cross-site scripting (XSS) vulnerability in a web application's search functionality.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published