A basic and common client - site security vulnerabilities
In order to get the best experience in learning this vulnerability, you should have basic knowledge in HTML.
You can start learning this vulnerability by answering this question: Is HTML a Programming Language?
If you have learned this vulnerability before, why not going to solve my challenges here?
The first time you speak out the name of this vulnerability, I guess you would think that "Wow the name is so cool, so dangerous, can it rule the world?".
But ermm.. No!! 😵😵😵😵😵😵
This is just a very basic vulnerability - easy to learn, easy to find out, easy to exploit, easy to conduct the report.
With just some basic background in HTML, you will see that it's not hard to learn.
And.. The fact that Cross - Site Scripting (XSS) is just a really complicated technical name, for me, I would call it HTML Injection
I have told you so much about Injection (Ex: Covid-19 pandemic.. For more information, please go back to SQL Injection and Command Injection)
, so in this case, the object we want to inject something is HTML.
A successful XSS (HTML Injection) attack can cause the web interface to be changed by the hacker, or execute mallicious JavaScript in the client browser
which can leads to many phising or Account - Take - Over consequences (I will go more detail below).
Consider that a website let users input their name, and then this website will print out the name on the screen. This is a basic PHP code of how to do this:
$username = $_GET['user_input'];
echo $username;
echo '<h1>Make the words bigger</h1>';