How to add a script tag to the end of a URL which can be covered as a part of XSS Testing



  • I am trying to test a local website link for a possible XSS attack. Can you please help me looking for a solution in way that if i add some script tag to the end of the URL under test, then it either throw and exception or an alert. For Eg: If link under test is: https://testmysite/login.aspx then what kind of script I can append with URL so that it returns an Exception or an Alert. I hope that the question is clear. Pardon me if this has been already asked as I am unable to find the exact problem.



  • In addition to Joe's resource, the OWASP site has a lot on XSS too: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) I would also encourage you to look a bit further than OWASP once you get those base concepts down. There are MANY ways to bypass basic XSS protections.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2