HTB Academy | Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) Module

Skills Assessment

Description:

We are performing a Web Application Penetration Testing task for a company that hired you and has just released its new Security Blog. In our Web Application Penetration Testing plan, we have reached the part where you must test the web application for Cross-Site Scripting (XSS) vulnerabilities.

Start the server below, make sure you are connected to the VPN, and access the /assessment directory on the server using the browser:

Questions:

  1. Identify a user-input field that is vulnerable to XSS.
  2. Find a working XSS payload that executes JavaScript code on the target's browser.
  3. Using the Session Hijacking techniques, try to steal the victim's cookies, which should contain the flag.

First, let's create a server on our machine and prepare a payload for testing input fields on the target site.
