When we input malicious data in the "Name" field of the "Create new account" page, it will be sent to the server and could be exploited.

To check whether your site is vulnerable, you can use the following test.

Cross-site scripting example: in the following example, you will input "javascript:alert('XSS');" into the "New account" form on the Gun.io website. If this data is sent to the server, it could be exploited.

1. Open the "New account" form on the Gun.io website.
2. Click the "Edit form" link on the right side of the form.
3. In the "Form Settings" box, input "javascript:alert('XSS');" into the "Incoming data" box.

Note: This data must be sent in the HTTP request, not as a GET or POST variable. If you are unsure of how to send data in the request, please contact your hosting provider or learn how to do it via Google.


Timeline

Published on: 11/10/2022 18:15:00 UTC
Last modified on: 11/15/2022 17:57:00 UTC

References