Reflected XSS Attacks:

Reflected XSS Attacks, unlike the stored ones, are through the GET queries or manually (self xss). In this, the attacker has to insert his script in the URL itself, and make the user visit that URL using some Social Engineering.

An example of Reflected XSS would be

http://example.com /search.php?q=”><script>alert(document.cookie)</script>

This type of XSS is mainly seen in search bars or through error messages, where the user input is displayed back to the user, and is not saved in the database.

The following screenshot shows the example of Reflected xss:

Suppose, a website shows its error page with the following code:

<html>

<body> 

<? php print “Not found: ” . urldecode($_SERVER[“REQUEST_URI”]); ?> 

</body>

</html>

Now, a user who goes to an invalid webpage, say http://example.com/doesnotexits, will be getting an error message saying

Not found : /doesnotexists

Here the user could notice that the webpage, which is not present (and he navigates to) is displayed to him as it is in the output.

So, he will try going to the webpage : http://example.com/<script>alert(“XSS”);</script>

Which will lead to the output of

Not found : <script>alert(“XSS”);</script>

And successful execution of it, resulting in an alert box with XSS in it.

Following is the graphical view of connection during Reflected XSS attack :