http://shivasurya.me/tags/xss/Recent content in Xss on ShivasuryaHugoen-usMon, 07 Dec 2020 00:00:00 +0000http://shivasurya.me/2020/12/07/leetcode-xss/Mon, 07 Dec 2020 00:00:00 +0000http://shivasurya.me/2020/12/07/leetcode-xss/<p>Reflected XSS (Cross-Site Scripting) attack is my favorite vulnerability category as it&rsquo;s relatively easy to exploit by checking for params as the source and rendering DOM as the sink.</p> <h3 id="problem">Problem</h3> <p>The core problem of the Reflected Cross-Site scripting attack is appending the URL parameter values in the DOM without validation or filtering. Though the reflected XSS requires user interaction by visiting the page or clicking on links in real-life attacks, people should think about Iframe tags that don&rsquo;t need any interaction to load them on other third party web pages.</p>