CS - Lab Assignment-5

Uploaded by

Alester

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

26 views4 pages

CS - Lab Assignment-5

Uploaded by

Alester

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 4

Experiment No: 5

Cyber Security Lab Experiment - 5

Reflective Cross Site Scripting

Name : Alester Dsouza

ID : 201080004
Branch : Information Technology (IT)
Batch :A

Aim:
Perform reflective cross site scripting on the given site.

Theory:
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected
into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side script, to a different
end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a
web application uses input from a user within the output it generates without validating or encoding
it.

Reflected Cross Site Scripting

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is
reflected off of a web application to the victim’s browser.
The script is activated through a link, which sends a request to a website with a vulnerability that
enables execution of malicious scripts. The vulnerability is typically a result of incoming
requests not being sufficiently sanitized, which allows for the manipulation of a web
application’s functions and the activation of malicious script
Experiment No: 5

To distribute the malicious link, a perpetrator typically embeds it into an email or third party website (e.g.,
in a comment section or in social media). The link is embedded inside an anchor text that provokes the
user to click on it, which initiates the XSS request to an exploited website, reflecting the attack back to
the user.

Impact of Reflected Cross Site Scripting

If an attacker can control a script that is executed in the victim's browser, then they can typically fully
compromise that user. Amongst other things, the attacker can:

1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to
originate from the initial victim user.

Reflected XSS attack prevention and mitigation

There are several effective methods for preventing and mitigating reflected XSS attacks.
First and foremost, from the user’s point-of-view, vigilance is the best way to avoid XS
scripting. Specifically, this means not clicking on suspicious links which may contain
malicious code. Suspicious links include those found in:

1. Emails from unknown senders

2. A website’s comments section
3. Social media feed of unknown users

Having said that, it is ultimately up to a website operator to prevent potential abuse to

their users.
Scripts:
1. Redirecting the user to the other website
Experiment No: 5

2. Using alert() to pop up a dialog box.

Output :
1.
Experiment No: 5

Conclusion:
Hence, Reflective Cross Site scripting was studied and implemented on the given website.
The impacts, prevention and mitigation methods of reflective XSS were understood.

INE-Web-Application-Penetration-Testing-XSS-Attacks-Course-File_unlocked
No ratings yet
INE-Web-Application-Penetration-Testing-XSS-Attacks-Course-File_unlocked
47 pages
Advance XSS Handbook - Codelivly
No ratings yet
Advance XSS Handbook - Codelivly
68 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
15 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
15 pages
Cross Site Scripting Presentation Slides
No ratings yet
Cross Site Scripting Presentation Slides
23 pages
XSS vulnerability testing
No ratings yet
XSS vulnerability testing
8 pages
[CyberSec'24] Lab05 - Student Version
No ratings yet
[CyberSec'24] Lab05 - Student Version
29 pages
Xss & CSRF
No ratings yet
Xss & CSRF
26 pages
Cross-Site Scripting - Wikiped
No ratings yet
Cross-Site Scripting - Wikiped
54 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
32 pages
Unit 3 Part2
No ratings yet
Unit 3 Part2
57 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
17 pages
XSS Attack and how to mitigate it
No ratings yet
XSS Attack and how to mitigate it
8 pages
Experiment 7
No ratings yet
Experiment 7
9 pages
Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing
From Everand
Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing
Adidas Wilson
3/5 (1)
Cross Site Scripting Lab Manual
No ratings yet
Cross Site Scripting Lab Manual
14 pages
XSS
No ratings yet
XSS
13 pages
Chapter 7
No ratings yet
Chapter 7
13 pages
Week 4 Cross_site Scripting
No ratings yet
Week 4 Cross_site Scripting
5 pages
Introduction to Web Hacking: Cross-site Scripting
From Everand
Introduction to Web Hacking: Cross-site Scripting
Gary Drocella
No ratings yet
XSSPPT 201207062837
No ratings yet
XSSPPT 201207062837
17 pages
xss introduction
No ratings yet
xss introduction
9 pages
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
No ratings yet
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
8 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
11 pages
WP Cross Site Scripting
No ratings yet
WP Cross Site Scripting
12 pages
xss temu report
No ratings yet
xss temu report
7 pages
Paper_81-Cross_Site_Scripting_Research_A_Review
No ratings yet
Paper_81-Cross_Site_Scripting_Research_A_Review
7 pages
Garpa Xss Bug Report
No ratings yet
Garpa Xss Bug Report
6 pages
Cross Site Scripting 004
No ratings yet
Cross Site Scripting 004
15 pages
XSS Vulnerabilities
No ratings yet
XSS Vulnerabilities
6 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
7 pages
Truth of Cross Site Scripting (XSS)
No ratings yet
Truth of Cross Site Scripting (XSS)
14 pages
Experiment 7
No ratings yet
Experiment 7
3 pages
Prevention_Of_Cross-Site_Scripting_Attacks_XSS_On_
No ratings yet
Prevention_Of_Cross-Site_Scripting_Attacks_XSS_On_
5 pages
Final Report Sample
No ratings yet
Final Report Sample
6 pages
Cross-Site Scripting (XSS)
No ratings yet
Cross-Site Scripting (XSS)
6 pages
Xss
No ratings yet
Xss
11 pages
Cross-Site Scripting PDF
No ratings yet
Cross-Site Scripting PDF
18 pages
Module6 3
No ratings yet
Module6 3
17 pages
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
No ratings yet
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
17 pages
Project Report On Human Resource Management
No ratings yet
Project Report On Human Resource Management
14 pages
Xss White Paper
No ratings yet
Xss White Paper
8 pages
NA
No ratings yet
NA
2 pages
Reducing Attack Surface Corresponding To Type 1 Cross-Site Scripting Attacks Using Secure Development Life Cycle Practices
No ratings yet
Reducing Attack Surface Corresponding To Type 1 Cross-Site Scripting Attacks Using Secure Development Life Cycle Practices
4 pages
XSS in Theory: Cross-Site Scripting
No ratings yet
XSS in Theory: Cross-Site Scripting
12 pages
XSS
No ratings yet
XSS
3 pages
What Is Cross-Site Scripting (XSS) ?
No ratings yet
What Is Cross-Site Scripting (XSS) ?
4 pages
Documentation On Xss Vulnerability
No ratings yet
Documentation On Xss Vulnerability
3 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
Reflected Cross Site Scripting (XSS) Attacks
No ratings yet
Reflected Cross Site Scripting (XSS) Attacks
4 pages
Qidasse Dioscoros - PPT 1
No ratings yet
Qidasse Dioscoros - PPT 1
199 pages
XSS Vulnerability Assessment and Prevention in Web Application
No ratings yet
XSS Vulnerability Assessment and Prevention in Web Application
4 pages
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
No ratings yet
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
3 pages
Daily Plan for UPSC CSE 2026 - UPSCprep.com
No ratings yet
Daily Plan for UPSC CSE 2026 - UPSCprep.com
17 pages
Cross Site Scripting Cheat Sheet
No ratings yet
Cross Site Scripting Cheat Sheet
3 pages
Cross-Site Scripting: (1) Background
No ratings yet
Cross-Site Scripting: (1) Background
9 pages
Xss
No ratings yet
Xss
4 pages
Xss Documentation
No ratings yet
Xss Documentation
6 pages
"Cross Site Scripting - Client Side Solution": Mahesh Kumar, Ms. Sunita Kumari
No ratings yet
"Cross Site Scripting - Client Side Solution": Mahesh Kumar, Ms. Sunita Kumari
6 pages
Cross Script Xss
No ratings yet
Cross Script Xss
3 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
6 pages
Cross-Site Scripting Attacks Procedure and Prevention Strategies
No ratings yet
Cross-Site Scripting Attacks Procedure and Prevention Strategies
3 pages
ATS Friendly CV Template _ International Hustlers
100% (1)
ATS Friendly CV Template _ International Hustlers
1 page
Elçin Mahmud Tel: 055 3959796
No ratings yet
Elçin Mahmud Tel: 055 3959796
2 pages
Poems of The Elders: An Anthology From The Theragāthā and Therīgāthā
100% (2)
Poems of The Elders: An Anthology From The Theragāthā and Therīgāthā
141 pages
Certificate of Pet Liability Insurance
No ratings yet
Certificate of Pet Liability Insurance
1 page
DCS P-51D Flight Manual EN PDF
67% (3)
DCS P-51D Flight Manual EN PDF
186 pages
bài tập phân biệt thì hiện tại đơn và tương lai đơn
No ratings yet
bài tập phân biệt thì hiện tại đơn và tương lai đơn
4 pages
Axelle's
No ratings yet
Axelle's
8 pages
Zabavsky Dismissal
No ratings yet
Zabavsky Dismissal
38 pages
Command of Textual Evidence
No ratings yet
Command of Textual Evidence
8 pages
CM5-Forward-Guidance
No ratings yet
CM5-Forward-Guidance
8 pages
ĐỀ CƯƠNG HK2 TIẾNG ANH 8 (23-24)
No ratings yet
ĐỀ CƯƠNG HK2 TIẾNG ANH 8 (23-24)
9 pages
GHO 4 Present Perfect Time Expressions Students 2
No ratings yet
GHO 4 Present Perfect Time Expressions Students 2
5 pages
Budgeting As Practice and Knowing in Action: Experimenting With Bourdieu 'S Theory of Practice: An Empirical Evidence From A Public University
No ratings yet
Budgeting As Practice and Knowing in Action: Experimenting With Bourdieu 'S Theory of Practice: An Empirical Evidence From A Public University
15 pages
College of Computer Science & IT,: House Rental Management System
No ratings yet
College of Computer Science & IT,: House Rental Management System
21 pages
Parsi Wedding Rituals
No ratings yet
Parsi Wedding Rituals
2 pages
API Testing Basics
No ratings yet
API Testing Basics
10 pages
Individual Is A Product of Culture
100% (2)
Individual Is A Product of Culture
3 pages
Vopak
No ratings yet
Vopak
22 pages
20241203_2155002196120181
No ratings yet
20241203_2155002196120181
2 pages
AMLA
No ratings yet
AMLA
4 pages
Form 956a Apr 2016
No ratings yet
Form 956a Apr 2016
9 pages
Thomas Green: Power, Office Politics, and A Career in Crisis
No ratings yet
Thomas Green: Power, Office Politics, and A Career in Crisis
7 pages
VISA & Tax Term
No ratings yet
VISA & Tax Term
2 pages
Sample Aip
No ratings yet
Sample Aip
3 pages
Owen Johnston Karate Instructor Profile
No ratings yet
Owen Johnston Karate Instructor Profile
4 pages
Homework: Tragic Hero: Directions
No ratings yet
Homework: Tragic Hero: Directions
2 pages
Jra Task List Form
No ratings yet
Jra Task List Form
2 pages
Nervous Markets: Morning Report
No ratings yet
Nervous Markets: Morning Report
3 pages