HTB Academy | Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) Module
Skills Assessment
Description:
We are performing a Web Application Penetration Testing task for a company that hired you, which just released their new Security Blog. In our Web Application Penetration Testing plan, we reached the part where you must test the web application against Cross-Site Scripting vulnerabilities (XSS).
Start the server below, make sure you are connected to the VPN, and access the /assessment directory on the server using the browser:
Questions:
- Identify a user-input field that is vulnerable to an XSS vulnerability
- Find a working XSS payload that executes JavaScript code on the target's browser
- Using the Session Hijacking techniques, try to steal the victim's cookies, which should contain the flag.
- First, let's create a server on our machine and prepare a payload for testing input fields on the target site.