We covered a practical example demonstrating encoded cross site scripting vulnerability using character encoding & Brup Suite to solve Challenge 004 in OWASP Hackademic free lab.
Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject scripts into webpages. There are two types of XSS attacks. The primary protection against XSS attacks is at the web application with sophisticated input validation techniques. OWASP strongly recommends the use of a security encoding library. When implemented, an encoding library will sanitize HTML code and prevent XSS attacks.
Reflected XSS starts by an attacker crafting a malicious email and then encouraging a user to click it. The malicious URL is often placed within a phishing email, but it could also be placed on a public website, such as a link within a comment. When the user clicks the malicious URL, it sends an HTTP request to a server with the user’s cookie which the attacker can use to hijack the user/admin account through what’s called session hijacking.
The Complete Practical Web Application Penetration Testing Course
Video Walkthrough
