Child pages
  • Accelerated Security Course - Episode 3 - XSS

...

An XSS flaw exploits the browser's interpretation of HTML/JavaScript when it displays data. If a page displays unprotected data, that is, without taking care to convert the characters that the browser interprets, the browser will interpret the displayed variables as HTML or JavaScript.

Example.

Page:

<html> <body> No results were found for the keyword $keyword.</body> </html>

Exploitation:
You just need to enter the following string as the keyword:

<script type="text/javascript">alert('kikoo');</script>

Result:
A "kikoo" alert will appear on the page.
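
The example page rendered twice, once with the keyword output unprotected and once with the interpreted characters converted. This is an added example, not part of the original course page; the function names (escapeHtml, renderVulnerable, renderSafe, containsScriptTag) are hypothetical.

```javascript
// Added example: all function names here are hypothetical, not from the course.

// Characters the browser interprets as markup, mapped to their HTML entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Convert every interpreted character in a single pass, so an "&" produced by
// one replacement is never escaped a second time.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: $keyword is copied into the page unchanged (the page's example).
function renderVulnerable(keyword) {
  return `<html> <body> No results were found for the keyword ${keyword}.</body> </html>`;
}

// Hardened: same template, keyword escaped before it is placed in the body.
function renderSafe(keyword) {
  return `<html> <body> No results were found for the keyword ${escapeHtml(keyword)}.</body> </html>`;
}

// True if the rendered page contains a <script> element the browser would run.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Keyword taken from the page's example.
const keyword = `<script type="text/javascript">alert('kikoo');</script>`;

console.log(renderVulnerable(keyword)); // browser executes the script
console.log(renderSafe(keyword));       // browser displays the keyword as text
```

This conversion covers data placed in HTML body text, as in the example page; data written into an attribute, a script block or a URL needs the encoding for that context.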

...