We covered a practical example demonstrating encoded cross site scripting vulnerability using character encoding & Brup Suite to solve Challenge 004 in OWASP Hackademic free lab.

Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject scripts into webpages. There are two types of XSS attacks. The primary protection against XSS attacks is at the web application with sophisticated input validation techniques. OWASP strongly recommends the use of a security encoding library. When implemented, an encoding library will sanitize HTML code and prevent XSS attacks.

Reflected XSS starts by an attacker crafting a malicious email and then encouraging a user to click it. The malicious URL is often placed within a phishing email, but it could also be placed on a public website, such as a link within a comment. When the user clicks the malicious URL, it sends an HTTP request to a server with the user’s cookie which the attacker can use to hijack the user/admin account through what’s called session hijacking.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

, , , ,
Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles