05 2 Cross Site Scripting
Objective: Perform XSS on a live website to execute a malicious script in the browser
Prerequisites: None
Steps to be followed:
<script>alert("hacked")</script>
1.4 If the XSS is successful, you should see an alert message reading "hacked":
1.5 Click on the Signup Page and log in using the username test and the password test:
1.6 After successful login you should see the profile details for user test:
1.7 In the Your Profile page, enter the following code in the Name field and click the update button:
<script>alert(document.cookie)</script>
1.8 You should be able to see the cookie value for the user test:
1.9 In the Your Profile page, enter the following code in the Name field and click the update button:
<script>window.location.href="https://example.net"</script>
1.10 This code will redirect the user to another site. Every time the user logs in to the site from the signup page, the user is automatically redirected to a fake site:
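The steps above work because the stored Name value is written back into the page as markup. The following added example (not part of the original lab or the target site's code) renders the three lab payloads through a vulnerable and a hardened template and builds an HttpOnly session cookie header; all function names and the cookie name `session` are hypothetical.

```javascript
// Added example: hypothetical server-side rendering of the profile "Name" field.
// The payloads are the three strings entered in the lab steps.
const LAB_PAYLOADS = [
  '<script>alert("hacked")</script>',
  '<script>alert(document.cookie)</script>',
  '<script>window.location.href="https://example.net"</script>',
];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged.
function renderProfileVulnerable(name) {
  return '<h2>Your Profile</h2><p>Name: ' + name + '</p>';
}

// Encode the characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: same template, value encoded at output time.
function renderProfileHardened(name) {
  return '<h2>Your Profile</h2><p>Name: ' + escapeHtml(name) + '</p>';
}

// Session cookie marked HttpOnly so page script cannot read it via
// document.cookie (the value exposed in step 1.8).
function sessionCookieHeader(sessionId) {
  return 'Set-Cookie: session=' + encodeURIComponent(sessionId) +
    '; HttpOnly; Secure; SameSite=Lax; Path=/';
}

// True if the markup still contains a script element the browser would parse.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Run every lab payload through both templates and report the difference.
function auditPayloads() {
  return LAB_PAYLOADS.map((payload) => ({
    payload,
    vulnerableHasScript: containsScriptTag(renderProfileVulnerable(payload)),
    hardenedHasScript: containsScriptTag(renderProfileHardened(payload)),
  }));
}

console.table(auditPayloads());
```

This encoding covers values placed in HTML text or quoted attributes; values placed inside a script block or a URL need the encoding for that context instead.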