Aoc Day6

Cross-site Scripting (XSS) is a web vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application.
XSS allows an attacker to masquerade as a victim user. If the victim user has privileged access within the application (i.e. admin), then the attacker might be able to gain full control.

Types of XSS

-> Stored XSS: Stored XSS works when malicious JavaScript is submitted and later stored directly on the website.

-> Reflected XSS: Reflected XSS is carried out directly in the HTTP request and requires the attacker to do a bit more work.
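The two types side by side, each next to its output-encoded fix. This is an added example, not code from the original write-up or the target application. It assumes a search page that echoes the `q` query string (the parameter from task 3); the function names, the `app.example` URL and the in-memory comment list are hypothetical.

```javascript
// Added example: hypothetical handlers, not the target application's code.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));

// Reflected: the value of ?q= travels from the request straight into the response.
function renderSearchUnsafe(url) {
  const q = new URL(url).searchParams.get("q") ?? "";
  return `<p>Results for: ${q}</p>`; // vulnerable: no output encoding
}
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get("q") ?? "";
  return `<p>Results for: ${escapeHtml(q)}</p>`; // encoded for HTML text context
}

// Stored: the value is saved once, then served to every later visitor.
const comments = []; // stands in for the site's database
function postComment(text) {
  comments.push(text);
}
function renderCommentsUnsafe() {
  return comments.map((c) => `<li>${c}</li>`).join(""); // vulnerable
}
function renderCommentsSafe() {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("");
}

// Constructed sample input: a harmless marker that only runs if left unencoded.
const probe = "<script>alert(1)</script>";
const url = "http://app.example/search?q=" + encodeURIComponent(probe);
postComment(probe);

console.log("reflected, unsafe:", renderSearchUnsafe(url));
console.log("reflected, safe:  ", renderSearchSafe(url));
console.log("stored, unsafe:   ", renderCommentsUnsafe());
console.log("stored, safe:     ", renderCommentsSafe());
```

The unsafe renderers return the marker as live markup; the safe ones return it as inert text, which is the difference a scanner such as ZAP keys on when it raises an XSS alert.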

# TASK

1. No answer

2. What vulnerability type was used to exploit the application?

Stored Cross-site Scripting

3. What query string can be abused to craft a reflected XSS?

q

4. No answer

5. Run a ZAP automated scan on the target. How many XSS alerts are in the scan?

2

6. No answer

============================================================================