11 lines
711 B
Plaintext
11 lines
711 B
Plaintext
Reflected cross-site scripting (XSS) occurs in a web application when the application retrieves data like parameters or headers from an incoming HTTP request and inserts it into its HTTP response without first sanitizing it. The most common cause is the insertion of GET parameters.
|
|
|
|
// image:common/images/browser.png[]
|
|
When well-intentioned users open a link to a page that is vulnerable to reflected XSS, they are exposed to attacks that target their own browser.
|
|
|
|
A user with malicious intent carefully crafts the link beforehand.
|
|
// Here is an example:
|
|
|
|
// image:common/images/url.png[]
|
|
After creating this link, the attacker must use phishing techniques to ensure that his target users click on the link.
|