Reflected XSS
Reflected XSS occurs when data provided by a web client, most commonly in HTTP query parameters or HTML form submissions, is immediately reflected back by server-side scripts into the response page generated for that user, without the request parameters being properly sanitized.
Chuck crafts a URL that exploits the vulnerability and sends it to Alice in an email.
The injected code reflects off the server and executes in Alice's browser.
Chuck is aware of an XSS vulnerability in Bob's site and knows Alice is an authenticated user.
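The server-side flaw described above, shown next to its fix, as an added example that is not part of the original page. The host `bob.example`, the `q` parameter and all function names are assumptions made for illustration, and the request URL is constructed sample input.

```python
# Added example: a page that reflects a query parameter, before and after output encoding.
# All names here (bob.example, "q", render_search_*) are hypothetical.
from html import escape
from urllib.parse import urlsplit, parse_qs


def query_param(url: str, name: str) -> str:
    """Return the first URL-decoded value of a query parameter, or ''."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [""])
    return values[0]


def render_search_vulnerable(url: str) -> str:
    """Reflects the parameter verbatim, so markup in it becomes part of the page."""
    term = query_param(url, "q")
    return f"<p>Results for: {term}</p>"


def render_search_hardened(url: str) -> str:
    """HTML-encodes the parameter so the browser renders it as text, not markup.

    escape() covers the HTML body and quoted-attribute contexts only; values placed
    inside <script>, URLs or CSS need encoding specific to that context.
    """
    term = query_param(url, "q")
    return f"<p>Results for: {escape(term, quote=True)}</p>"


def reflected_unencoded(url: str, render) -> bool:
    """Defender's check: does a value containing HTML metacharacters come back verbatim?"""
    term = query_param(url, "q")
    has_meta = any(c in term for c in "<>\"'&")
    return has_meta and term in render(url)


# Constructed sample request: the query string carries markup instead of a search term.
SAMPLE_URL = "https://bob.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    for render in (render_search_vulnerable, render_search_hardened):
        print(render.__name__, "->", render(SAMPLE_URL))
        print("  reflected unencoded:", reflected_unencoded(SAMPLE_URL, render))
```

The same `reflected_unencoded` check can be pointed at any rendering function in a unit test to catch a template that stops encoding a parameter.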