From the course: Ethical Hacking: Hacking Web Servers and Web Applications

Cross-site scripting

- [Instructor] I've scripted up a webpage on Metasploitable called xssblog.html. It's in the folder /var/www, and we'll use this to demonstrate how cross-site scripting works. Here we see an HTML document which has a form which will take a blog entry. The action taken on submission is to post to the server PHP script xssblog.php, and the blog text will be automatically appended as a parameter. The PHP script opens a file called xssblog.txt, and writes the blog entry into it. I've also created a script called xssread.php to read it back and display it. This opens the xss blog file and reads the blog, and is followed by some HTML code to display it on the screen. Okay, let's run this. That's been written, and I can now read it back. Okay, we get our blog entry. So far so good, always expected. Let's post another blog entry, this time including some script. I'll do this by including the string, script alert your…
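
The read-back step described above, as an added example that is not the instructor's code: a display routine in the style of xssread.php, with the raw echo next to an output-encoded version. The function names, the sample entries and the one-entry-per-line file layout are assumptions, since the course's scripts are not shown on this page.

```php
<?php
// Added example, not the course's xssread.php. Function names and the
// one-entry-per-line storage layout are assumptions for illustration.

// Unsafe rendering: stored text is placed in the page verbatim, so any
// markup a visitor submitted is interpreted by the next reader's browser.
function render_entry_raw(string $entry): string
{
    return "<p>" . $entry . "</p>";
}

// Safe rendering: encode for the HTML body context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function render_entry_encoded(string $entry): string
{
    $safe = htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>" . $safe . "</p>";
}

// Read the stored entries; a missing file is treated as an empty blog.
function read_entries(string $path): array
{
    if (!is_readable($path)) {
        return [];
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? [] : $lines;
}

// Constructed sample data standing in for the blog file.
$path = tempnam(sys_get_temp_dir(), 'blog');
file_put_contents($path, "My first post\n<script>alert('hi')</script>\n");

// Print both renderings side by side for comparison on the command line.
foreach (read_entries($path) as $entry) {
    echo "raw:     ", render_entry_raw($entry), "\n";
    echo "encoded: ", render_entry_encoded($entry), "\n";
}
unlink($path);
```

Run with the PHP command-line interpreter, the encoded line shows the angle brackets and quotes as HTML entities, which a browser displays as text instead of executing.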
