Reflected XSS

Parameter Based XSS - DVNA

Step 1: Log in to the application and navigate to http://192.168.31.112:9090/app/products

Step 2: Click "Search Product". Enter some string and click "submit". Intercept the request using Burp.

Step 3: Modify the "name" parameter in the POST request body to <script>alert(document.domain)</script>. Forward the request.

Step 4: In the response, notice that <script>alert(document.domain)</script> is reflected unencoded in the HTML of the products page.

You can try iframes as well:

<iframe onload=alert('XSS');></iframe>
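Why the steps above work, and the fix, as an added example (not DVNA's source code): a search value concatenated into markup as-is, next to the same output HTML-encoded. The function names, page fragment and header values are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical rendering logic, not taken from DVNA.
// Characters that let reflected input break out of text or quoted attributes.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the "name" POST parameter is placed into the page unchanged.
function renderSearchUnsafe(name) {
  return `<p>Results for: ${name}</p>`;
}

// Hardened: the same parameter is encoded at the point of output.
function renderSearchSafe(name) {
  return `<p>Results for: ${escapeHtml(name)}</p>`;
}

// Regression check: true if input containing markup characters comes back raw.
function isReflectedRaw(html, input) {
  return /[<>"']/.test(input) && html.includes(input);
}

// Defence in depth: a CSP without 'unsafe-inline' stops inline scripts and
// inline event handlers from running even if an encoding bug slips through.
const RESPONSE_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  'X-Content-Type-Options': 'nosniff',
};

// Constructed inputs: the two strings used in the walkthrough above.
const samples = [
  '<script>alert(document.domain)</script>',
  "<iframe onload=alert('XSS');></iframe>",
];

for (const s of samples) {
  console.log('unsafe raw reflection:', isReflectedRaw(renderSearchUnsafe(s), s));
  console.log('safe output:', renderSearchSafe(s));
}
```

Running isReflectedRaw against every page that echoes request parameters makes a cheap regression test after the template is fixed.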
