SBM Labs

Cyber Security Collaboration Project

Passive XSS
02 Nov 2013

The aim of this lab is unauthorized execution of arbitrary script on a web page.

For this lab you will need:
1. Web browser Mozilla Firefox.

Go to the lab Passive XSS. HTTP request will be sent to the server using method GET.

In search field enter any word and send request. For example, vulnerability. HTTP request will be sent to the server using method POST. We will receive the string from our search request in web application response.

Then we will send to the server script <script>alert('Congratulations! Laboratory successfully completed!')</script>.

We will receive this script in web application response and it will be executed on the client side. As a result you will see notification window with the text «Congratulations! Laboratory successfully completed!».

Lab is completed. You should check and filter data in user's request on the server side in order to prevent Passive XSS vulnerability.

SQL Injection