Cross-Site Scripting (XSS)

March 23, 2024

First we tried entering a normal name to the website

Then we will now insert our malicious code which is XSS attack

#"><img src=/ onerror=alert(document.cookie)>

  1. ">: This part could be the closing tag of an HTML attribute value or element.

  2. <img src=/: This starts an <img> tag with the src attribute set to /, which typically refers to the root directory of the website.

  3. onerror=alert(document.cookie): This is where the actual attack takes place. The onerror attribute is an event handler that triggers if an error occurs while loading the image. In this case, the error is intentionally caused by providing an invalid src attribute value. When the error occurs, the JavaScript code alert(document.cookie) is executed. This code pops up an alert dialog displaying the value of the document.cookie property, which contains all the cookies associated with the current website. This is a common technique used in XSS attacks to steal sensitive information like session cookies.

PreviousHTML InjectionNextCross-Site Request Forgery (CSRF)

Last updated