Let's look at the following steps:
- We will use Damn Vulnerable Web Application (DVWA) for this recipe. Log in using the default admin credentials (admin as both username and password) and go to XSS reflected.
- The first step in testing for a vulnerability is to observe the normal response of the application. Introduce a name in the textbox and click Submit. We will use Bob:
- The application used the name we provided to form a phrase. What happens if instead of a valid name we introduce some special characters or numbers? Let's try with <'this is the 1st test'>:
- Now, we see that anything we put in the textbox will be reflected ...