Reflected XSS

1: A perpetrator discovers a website having a vulnerability that enables script injection.

2: Perpetrator injects the website within a malicious script that steals each visitor’s session cookies.

3: For each visit to the website, the malicious script is activated.

4: The Visitor’s session cookie is sent to the perpetrator.

1: Open the AltoroMutul website.

2: Check whether the website is Vulnerable to reflected XSS or not.

Write something in the Search Bar: www.walikhankakaro.com

3: Inject the script.

Script code: <script>alert(“Hello”)</script>

Table of Contents