Skip to content

Commit

Permalink
Merge pull request #2 from sigpwny/xss
Browse files Browse the repository at this point in the history
xss
  • Loading branch information
henopied authored Sep 22, 2024
2 parents 634e269 + 500d502 commit 226af81
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion fallctf-2024/src/web/web.md
Original file line number Diff line number Diff line change
Expand Up @@ -125,5 +125,22 @@ If you want more resources on learning the linux command line...

+ Review our [Setup/Terminal Meeting Slides](https://sigpwny.com/meetings/fa2023/2023-09-03/)

## Cross Site Scripting (XSS)
## Cross-Site Scripting (XSS)

Cross-Site Scripting is a vulnerability that allows an attacker to execute malicious scripts on a website. This can be used to steal cookies, redirect users to malicious websites, or deface the website.

I like to think of XSS as as another type of injection attack, but instead of injecting into a database or command line, you're injecting into the website's HTML.

For example, let's say you have a website that displays a user's name on the page. If the website includes the input directly into the HTML, you can put your own HTML code in the input and have it execute on the page.

```html
<p>Welcome, <span id="username">USER INPUT</span></p>
```

If I had set `USER INPUT` to `<script>alert("Hello!")</script>`, then the website would display a popup saying "Hello!".

```html
<p>Welcome, <span id="username"><script>alert("Hello!")</script></span></p>
```

More details on XSS: https://portswigger.net/web-security/cross-site-scripting

0 comments on commit 226af81

Please sign in to comment.