Step 1: Log in to the application and navigate to http://192.168.31.112:9090/app/products
Step 2: Click "Search Product". Enter some string and click "submit". Intercept the request using Burp.
Step 3: Modify the "name" parameter in the POST request body to <script>alert(document.domain)</script> and forward the request.
Step 4: In the response, notice that <script>alert(document.domain)</script> is reflected unencoded as part of the HTML of the products page.
An alternative payload that is reflected the same way: <iframe onload=alert('XSS');></iframe>
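The following is an added example, not code from the original page or the application it tests. It assumes the products page reflects the "name" parameter into a heading such as <h2>Results for: ...</h2> (constructed markup), and contrasts a tag blacklist, which the second payload above bypasses, with HTML entity encoding, which neutralises both.

```python
import html
import re

# Constructed stand-in for the products page markup that reflects the "name"
# POST parameter back to the user (assumed; the real template is not on the page).
TEMPLATE = "<h2>Results for: {name}</h2>"

# The two payloads used in the walkthrough above.
PAYLOAD_SCRIPT = "<script>alert(document.domain)</script>"
PAYLOAD_IFRAME = "<iframe onload=alert('XSS');></iframe>"


def render_vulnerable(name: str) -> str:
    """Reflects the search term verbatim: the behaviour observed in Step 4."""
    return TEMPLATE.format(name=name)


def render_blacklist(name: str) -> str:
    """Naive fix that only strips <script> tags; the iframe payload survives."""
    cleaned = re.sub(r"</?script[^>]*>", "", name, flags=re.IGNORECASE)
    return TEMPLATE.format(name=cleaned)


def render_encoded(name: str) -> str:
    """Correct fix for an HTML text context: entity-encode the reflected value."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


def contains_active_markup(rendered: str) -> bool:
    """Check helper: true if a raw script/iframe tag from user input survived
    into the rendered HTML (heuristic written for this demo only)."""
    return re.search(r"<\s*(script|iframe)\b", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("blacklist", render_blacklist),
                          ("encoded", render_encoded)):
        for payload in (PAYLOAD_SCRIPT, PAYLOAD_IFRAME):
            out = render(payload)
            print(f"{label:10} active={contains_active_markup(out)!s:5} {out}")
```

Running it shows the blacklist variant still emits the iframe payload as live markup, while the encoded variant emits only inert entities for both payloads.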
Last updated 5 years ago