XSS - Cross Site Scripting

Penetration testing with Yogesh and Abhinav

  • Cross-Site Scripting (XSS) 
  • XSS Statistics and Impact 
  • Types of XSS 
    • Stored XSS
    • Reflected XSS
    • DOM XSS 
  • Practical Demos


Why do you want to hack?

What is XSS?

"An XSS attack occurs when a script from an untrusted source is executed in rendering a page" [*]

XSS according to OWASP

"Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites"


XSS Statistics

According to OWASP Top 10 2017, XSS is at #7


According to HackerOne --

Trustwave Global Security Report

  • How is the malicious JavaScript injected?

XSS Overview


  • The consequences of malicious JavaScript

XSS Attacks - Stored XSS

XSS Attacks - Reflected XSS

XSS Attacks - DOM-based XSS

Getting Bored ...

Example #1

Mission Objective

Inject a script to pop up a JavaScript alert() in the below URL


XSS Vector

Example #2

Mission Objective

Inject a script to pop up an alert() in the context of the application.

Note: the application saves your posts so if you sneak in code to execute the alert, this level will be solved every time you reload it. 

Entering a <script> tag on this level will not work

Is XSS Possible?

Thank you


By Yogesh Sharma
