Cross-site scripting (XSS)

Cross-site scripting is also a type of injection attack, in which an attacker injects a malicious browser-side script into a page. It occurs when a web application uses input from a user to build its output without validating or encoding it.

We could modify the script used to inject SQL attack vectors to test XSS injection. To verify the result, we could search the response for the expected script:

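    import mechanize

    url = "http://www.webscantest.com/crosstraining/aboutyou.php"
    browser = mechanize.Browser()
    attackNumber = 1

    # Submit each vector from the file through the form's "fname" field.
    with open('XSS-vectors.txt') as f:
        for line in f:
            browser.open(url)
            browser.select_form(nr=0)        # first form on the page
            browser["fname"] = line.strip()  # drop the trailing newline
            res = browser.submit()
            content = res.read()             # response body to inspect
            ...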
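The response check that the listing elides can be written as follows. This is an added example, not code from the book: `render_unsafe`, `render_safe`, `classify_reflection` and `scan` are hypothetical names, and the two render functions and the sample vectors are constructed stand-ins for the target page and for XSS-vectors.txt, so the block runs offline.

```python
import html

def render_unsafe(fname):
    # Constructed stand-in for a page that echoes input without encoding.
    return "<html><body><p>Hello " + fname + "</p></body></html>"

def render_safe(fname):
    # Same page with output encoding applied at the point of insertion.
    return "<html><body><p>Hello " + html.escape(fname) + "</p></body></html>"

def classify_reflection(vector, body):
    """Classify how one submitted vector appears in a response body."""
    vector = vector.strip()          # drop the newline left by file iteration
    encoded = html.escape(vector, quote=True)
    if not vector or encoded == vector:
        return "untestable"          # no HTML metacharacters: raw and encoded look identical
    if vector in body:
        return "raw"                 # reflected unencoded: an XSS finding
    variants = {
        encoded,
        html.escape(vector, quote=False),    # encoders that leave quotes alone
        encoded.replace("&#x27;", "&#39;"),  # decimal form of the apostrophe entity
    }
    if any(v in body for v in variants):
        return "encoded"             # reflected, but neutralised by output encoding
    return "absent"

def scan(vectors, render):
    """Return (attack_number, vector, verdict) for each vector."""
    results = []
    for number, line in enumerate(vectors, start=1):
        verdict = classify_reflection(line, render(line.strip()))
        results.append((number, line.strip(), verdict))
    return results

# Constructed sample vectors, standing in for the lines of XSS-vectors.txt.
SAMPLE_VECTORS = ["<script>alert(1)</script>\n", "\"'><i>probe</i>\n", "plainname\n"]

if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        for number, vector, verdict in scan(SAMPLE_VECTORS, render):
            print(label, number, repr(vector), verdict)
```

Only a `raw` verdict indicates missing output encoding; a vector without HTML metacharacters is reported as `untestable` because its presence in the response proves nothing either way.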
