August 2018
Intermediate to advanced
404 pages
10h 22m
English
In this recipe, we were testing for SQL Injection in a login form but noticed, by analyzing the server's responses, that the User-Agent header was being reflected and took that as an indicator of a possible XSS vulnerability. Then, we successfully exploited the XSS by appending an <IMG> tag to the header.
Read now
Unlock full access