We covered a practical example demonstrating encoded cross site scripting vulnerability using character encoding & Brup Suite to solve Challenge 004 in OWASP Hackademic free lab.

Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject scripts into webpages. There are two types of XSS attacks. The primary protection against XSS attacks is at the web application with sophisticated input validation techniques. OWASP strongly recommends the use of a security encoding library. When implemented, an encoding library will sanitize HTML code and prevent XSS attacks.

Reflected XSS starts by an attacker crafting a malicious email and then encouraging a user to click it. The malicious URL is often placed within a phishing email, but it could also be placed on a public website, such as a link within a comment. When the user clicks the malicious URL, it sends an HTTP request to a server with the user’s cookie which the attacker can use to hijack the user/admin account through what’s called session hijacking.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

, , , ,
Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles