What is a Reflected XSS (Cross-Site Scripting) Attack
Reflected XSS Attacks:
Reflected XSS attacks, unlike stored ones, are delivered through GET queries or entered manually (self-XSS). Here the attacker has to insert his script in the URL itself and get the user to visit that URL using some social engineering.
An example of Reflected XSS would be
http://example.com/search.php?q="><script>alert(document.cookie)</script>
This type of XSS is mainly seen in search bars or error messages, where the user input is displayed back to the user and is not saved in the database.
The following screenshot shows the example of Reflected XSS:

Suppose, a website shows its error page with the following code:
<html>
<body>
<?php print "Not found: " . urldecode($_SERVER["REQUEST_URI"]); ?>
</body>
</html>
Now, a user who requests a page that does not exist, say http://example.com/doesnotexist, gets an error message saying
Not found: /doesnotexist
Here the user can see that the path he navigated to, which is not present on the site, is displayed back to him as is in the output.
So, he will try going to the webpage: http://example.com/<script>alert("XSS");</script>
Which leads to the output of
Not found: <script>alert("XSS");</script>
The browser parses this as markup and executes the script, resulting in an alert box with XSS in it.
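The error page above next to a hardened form, as an added example that is not part of the original article: the value is HTML-encoded with htmlspecialchars() before it is printed. The function names and the sample request URIs are constructed for illustration.

```php
<?php
// Added example: hardened version of the article's error page.
// Function names and sample URIs are constructed for illustration.

// Vulnerable form from the article: the decoded request path goes into
// the HTML response as-is.
function not_found_vulnerable(string $requestUri): string
{
    return "Not found: " . urldecode($requestUri);
}

// Hardened form: same message, but the value is HTML-encoded at output
// time, so <, >, &, " and ' reach the browser as text instead of markup.
function not_found_safe(string $requestUri): string
{
    $path = urldecode($requestUri);
    return "Not found: " . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a normal miss, and the article's test string in the
// percent-encoded form browsers typically put on the request line.
// urldecode() is what turns the second one back into markup.
$samples = [
    '/doesnotexist',
    '/%3Cscript%3Ealert(%22XSS%22);%3C/script%3E',
];

if (PHP_SAPI === 'cli') {
    // Offline comparison of both renderings.
    foreach ($samples as $uri) {
        echo "request:    $uri\n";
        echo "vulnerable: " . not_found_vulnerable($uri) . "\n";
        echo "safe:       " . not_found_safe($uri) . "\n\n";
    }
} else {
    // Served as the error page: send the 404 status, declare the charset,
    // and add a CSP as a second layer that blocks inline scripts if an
    // output somewhere is left unencoded.
    http_response_code(404);
    header('Content-Type: text/html; charset=UTF-8');
    header("Content-Security-Policy: default-src 'self'");
    echo "<html><body>" . not_found_safe($_SERVER['REQUEST_URI']) . "</body></html>";
}
```

Run from the command line, the script prints both renderings for each sample; served by a web server, it acts as the hardened error page.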
Following is the graphical view of the connection during a Reflected XSS attack:
