Scenario 1 – maxss your haxss
This scenario will allow you to create a very basic application that will accept input from a user and return it in the HTML code of another page. This should indicate to you that it's likely to be a cross-site scripting (XSS) attack. I'm going to give you some very boring-looking code, and you can dress it up later if you wish.
A section on attacks against users and social engineering wouldn't be complete without even a brief mention of XSS—that most basic and pervasive of attacks. The merest mention of vulnerability to this attack used to make information security officers sweat; now they barely nod. It is accepted that one of the first things that a hacker or computer deviant learns is how to perform XSS. For those that don't know, XSS is the act of forcing JavaScript into the HTML of a web page and using it to perform actions. It can be used to deface websites and generally cause mischief and upset; however, its most widespread...
