
display a different content of a website with XSS

Hello, I am not sure this is the right place to ask or not but I find it the most relevant compared to any other subforums.

I have this assignment to demonstrate simple XSS (cross site scripting). I have to craft a URL that would display a webpage, but some of its content has to be modified. I can't redirect it to a copy of that web page that has been modified, it has to link to the given website.

I have been looking for information in the past 90 minutes but none of the pages I found describes how to do this, they often talk about the more complex version of XSS.

Anyone familiar with this?

kryptolite
Newbie Poster
7 posts since Jan 2006
Reputation Points: 10
Solved Threads: 0
 

You need to first create a webpage with an XSS vulnerability. This is any dynamic website that displays input from HTTP as is.

e.g. in PHP:

<?php
// Deliberately vulnerable: prints the query parameter without escaping
echo $_GET['xss_me_please'];
?>

Now in your url you just pass anything to xss_me_please...

e.g.:

http://example.com/page.php?xss_me_please=this_is_xss<script>alert('hi');</script>


It's up to you to get creative with it and demonstrate something more realistic.

digital-ether
Nearly a Posting Virtuoso
Moderator
1,293 posts since Sep 2005
Reputation Points: 461
Solved Threads: 101
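
For contrast with the vulnerable page in the reply above, here is an added example (not part of the thread or either poster's code) that echoes the same xss_me_please parameter with output encoding matched to each context. The helper names esc_html and esc_js and the page layout are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of the reply's page.php.
// The parameter name xss_me_please is from the post; helper names are hypothetical.
declare(strict_types=1);

// Encode for HTML element content and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode as a JavaScript string literal for use inside a <script> block.
// The HEX flags turn <, >, &, ' and " into \uXXXX escapes, so the value
// cannot close the script element or break out of the literal.
function esc_js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
}

// ?xss_me_please[]=x would arrive as an array; accept strings only.
$raw   = $_GET['xss_me_please'] ?? '';
$value = is_string($raw) ? $raw : '';

// Defense in depth: only the script carrying this per-response nonce may run,
// so injected markup stays inert even if an encoding step is missed elsewhere.
$nonce = base64_encode(random_bytes(16));
header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'none'; script-src 'nonce-$nonce'");
?>
<!doctype html>
<title>Echo demo</title>
<!-- HTML body context -->
<p>You sent: <?= esc_html($value) ?></p>
<!-- HTML attribute context (always quoted) -->
<input name="xss_me_please" value="<?= esc_html($value) ?>">
<!-- JavaScript context -->
<script nonce="<?= esc_html($nonce) ?>">
  const sent = <?= esc_js($value) ?>;
  document.title = sent; // assigned as text, never parsed as HTML
</script>
```

Requested with the URL from the reply, this page shows the script tag as literal text instead of executing it.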
 
