by Anshuman    May 17, 2019

This is a demonstration of Cross-site Scripting (Reflected) against both the GET and the POST method. For the demo I'll be using bWAPP, a deliberately buggy web application that can be used to practise testing for various web vulnerabilities.

bWAPP Official Link:- http://www.itsecgames.com/

Let's log in to bWAPP with the default username and password.

username - bee

password - bug

1. Cross-site Scripting - Reflected (GET)

Choose Cross-site Scripting - Reflected (GET) from the drop-down menu and click Hack.

The page that opens has two input fields, First name and Last name. Let's enter the first name as Anshuman and the last name as Pattnaik and see what happens.

Both values are reflected in the address bar. When a parameter's value is reflected like this, there is a possibility that an attacker can tamper with that value and inject JavaScript code.

To test this, let's try to print the first name in bold and see what happens.

As you can see, the first name Anshuman is printed in bold, and the <b> tag is reflected in the address bar as well. From this we know that the output is not being HTML-encoded properly.

This type of issue arises when the web application developer does not handle character encoding properly.

Since the input field accepts the < and > characters, we can inject a <script> tag as well. Let's try a simple JavaScript alert and hit Go.

As you can see, it shows the first name value Anshuman in an alert dialogue box, so from this experiment we know that both input fields on this page are vulnerable to XSS.

2. Cross-site Scripting - Reflected (POST)

Choose Cross-site Scripting - Reflected (POST) from the drop-down menu and click Hack.

Let's try the same input again: the first name as <b>Anshuman</b> and the last name as Pattnaik.

As you can see, we get the same output as with GET: the first name is printed in bold.

So let's try injecting a <script> tag and see what happens.

As you can see, it shows the first name value Anshuman in an alert dialogue box. So these two input fields are vulnerable to XSS as well.
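Both exercises reflect the same two fields; what differs for a defender is where the injected value can be seen afterwards. As an added example (not part of the original post, and not bWAPP's own code), the Python below scans a few constructed access-log lines for URL-decoded parameter values that contain markup. The GET payloads appear in the query string that the log records, while the values sent to the POST page travel in the request body, which a plain access log does not capture. The paths and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format). The paths are placeholders
# that merely resemble the GET and POST exercise pages; these are not real logs.
SAMPLE_LOG = """\
10.0.0.5 - - [17/May/2019:10:01:02 +0000] "GET /xss_get.php?firstname=Anshuman&lastname=Pattnaik&form=submit HTTP/1.1" 200 1234
10.0.0.5 - - [17/May/2019:10:01:40 +0000] "GET /xss_get.php?firstname=%3Cb%3EAnshuman%3C%2Fb%3E&lastname=Pattnaik&form=submit HTTP/1.1" 200 1240
10.0.0.5 - - [17/May/2019:10:02:15 +0000] "GET /xss_get.php?firstname=%3Cscript%3Ealert%28%27Anshuman%27%29%3C%2Fscript%3E&lastname=Pattnaik&form=submit HTTP/1.1" 200 1250
10.0.0.5 - - [17/May/2019:10:03:00 +0000] "POST /xss_post.php HTTP/1.1" 200 1250
"""

# Only the quoted request line matters here: method, target (path + query), version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Markup that has no business in a name field once the value is URL-decoded:
# an opening or closing tag, or a javascript: URL scheme.
TAG_RE = re.compile(r"<\s*/?\s*[a-z]", re.IGNORECASE)
JS_SCHEME_RE = re.compile(r"javascript\s*:", re.IGNORECASE)


def classify(value):
    """Return why a decoded parameter value looks like markup, or None if clean."""
    if TAG_RE.search(value):
        return "html-tag"
    if JS_SCHEME_RE.search(value):
        return "javascript-scheme"
    return None


def scan_request_line(line):
    """Parse one log line; return a record of suspicious parameters, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    method, target = m.group("method"), m.group("target")
    parts = urlsplit(target)
    # parse_qsl undoes percent-encoding and '+', so %3Cb%3E becomes <b>.
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    for name, value in params:
        reason = classify(value)
        if reason:
            findings.append((name, value, reason))
    return {
        "method": method,
        "path": parts.path,
        "findings": findings,
        # For GET the reflected values sit in the query string, which the access
        # log records. For POST they travel in the body, which it does not: the
        # same injection on the POST page leaves no trace in this log.
        "inspectable": method == "GET",
    }


def scan_log(text):
    """Scan every non-empty line; skip lines without a parseable request."""
    records = [scan_request_line(line) for line in text.splitlines() if line.strip()]
    return [r for r in records if r is not None]


def count_suspicious(records):
    """Number of requests with at least one markup-bearing parameter."""
    return sum(1 for r in records if r["findings"])


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        if r["findings"]:
            for name, value, reason in r["findings"]:
                print(f"{r['method']} {r['path']} param={name} reason={reason} value={value!r}")
        elif not r["inspectable"]:
            print(f"{r['method']} {r['path']}: body not logged, parameters cannot be inspected")
```

The POST line produces no finding not because the request was clean but because the log never saw the parameters; catching the POST variant needs request-body logging at the application or a proxy in front of it.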

Note

There are two steps to prevent XSS in both GET and POST:

First step: always validate the special characters in an input field properly.

Second step: declare the charset ISO-8859-1 with a meta tag on your web pages.

<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Declaring the charset explicitly reduces the number of possible forms a script injection can take, because the browser no longer has to guess the encoding. It complements, rather than replaces, validating input and HTML-encoding output, so it's good to follow both of the steps above.
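The two steps above, together with the output encoding the post points at when the <b> tag renders, are shown side by side in the added Python example below (not part of the original post or of bWAPP). A vulnerable render function reflects the name verbatim, next to a hardened handler that validates against an allowlist, HTML-encodes at the point of output, and sets the charset in both the response header and the meta tag. The allowlist pattern and the handler's shape are assumptions made for this example; one handler serves both GET and POST because the transport is the only thing that differs between the two exercises.

```python
import html
import re

# Allowlist for a name field (an assumption for this example): a letter followed
# by letters, spaces, hyphens and apostrophes, at most 64 characters in total.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,63}$")

# Charset declared in the response header and, as the post suggests, in a meta
# tag, so the browser never has to guess the encoding of the page.
CHARSET = "ISO-8859-1"
BASE_HEADERS = {"Content-Type": f"text/html; charset={CHARSET}"}


def validate_name(value):
    """First step from the post: check the input before it is used at all."""
    return bool(NAME_RE.match(value))


def render_vulnerable(params):
    """The behaviour observed in the exercises: the values are reflected verbatim,
    so <b> renders bold and <script> executes. Kept only as the 'before' picture."""
    first = params.get("firstname", "")
    last = params.get("lastname", "")
    return f"<p>Welcome {first} {last}</p>"


def render_safe(params):
    """HTML-encode at the point of output: < > & " ' become entities, so the
    browser displays the characters instead of interpreting them as markup."""
    first = html.escape(params.get("firstname", ""), quote=True)
    last = html.escape(params.get("lastname", ""), quote=True)
    return f"<p>Welcome {first} {last}</p>"


def page(body):
    """Wrap a body fragment in a document that carries the post's meta tag."""
    return (
        "<html><head>"
        f'<meta http-equiv="Content-Type" content="text/html; charset={CHARSET}">'
        f"</head><body>{body}</body></html>"
    )


def handle_request(method, params):
    """One handler for both exercises. GET carries the fields in the query string
    and POST in the body, but the defence is identical. Returns (status, headers, body)."""
    if method not in ("GET", "POST"):
        return 405, BASE_HEADERS, page("<p>Method not allowed</p>")
    first = params.get("firstname", "")
    last = params.get("lastname", "")
    if not (validate_name(first) and validate_name(last)):
        # Reject rather than try to strip tags out: stripping is easy to get wrong.
        return 400, BASE_HEADERS, page("<p>Invalid name</p>")
    # Output encoding still applies after validation passes (defence in depth).
    return 200, BASE_HEADERS, page(render_safe(params))


if __name__ == "__main__":
    bold = {"firstname": "<b>Anshuman</b>", "lastname": "Pattnaik"}
    print("vulnerable:", render_vulnerable(bold))
    print("encoded:   ", render_safe(bold))
    print("handled:   ", handle_request("POST", bold)[0])
```

Validation and encoding guard different things: the allowlist stops the `<b>` and `<script>` inputs from the exercises at the door, and the encoding guarantees that whatever does reach the page is displayed as text even if a later change loosens the allowlist.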

I hope you liked this post. Bye for now.

Happy Hacking :)
