
Practice

Q1: XSS is a server-side vulnerability.

A1: Yes/no

Q2: Craft a very simple, broken HTML image tag with a source of "x".

A2:

Q3: Now add an event handler that executes the JavaScript code for printing the page.

A3:

Q4: Name 3 programming languages besides JS in which XSS can occur.

A4:

Q5: Name 2 contexts in which XSS can occur outside of HTML tag insertion.

A5:

Q6: Imagine a scenario in which we have a POST-based reflected variable that leads to XSS. This is self-XSS by definition, but can you think of ways to elevate this?

A6:

Q7: Create an input value for the search term which might trigger XSS

<script>
var searchTerms = 'fdsfds';
</script>

A7:

Q8: Explain the following attack vector, focusing on the context that it occurs in, what event handler is being used, and what JavaScript code triggers.