XSS - Reflective
- LAST UPDATED DATE: 2015/11/25
- LAST UPDATED BY: @mubix
Cross-site scripting (XSS) is a vulnerability that enables attackers to inject client-side code into web applications.
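To make the definition concrete for the reflective case, here is an added example (not part of the original page) of a response that echoes a request parameter unencoded, the same response with output encoding applied, and a simple check for unencoded reflection. The handler names, the `q` parameter and the probe string are constructed for illustration.

```javascript
// Added example: constructed handlers and input, not code from any real application.

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable: the request parameter is concatenated into the response as-is,
// so any markup in it becomes part of the page the browser parses.
function renderSearchVulnerable(q) {
  return `<h1>Results for ${q}</h1>`;
}

// Hardened: the same page with the parameter HTML-encoded on output,
// so the browser renders it as text instead of parsing it as markup.
function renderSearchHardened(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Presence check: does a marker containing markup come back byte-for-byte?
// If it does, the page reflects input without encoding it.
function reflectsUnencoded(render, marker) {
  return render(marker).includes(marker);
}

// Constructed probe: inert markup with a unique id, used only to see how it is echoed.
const PROBE = '<i id="xss-probe-7f3a">"\'</i>';

console.log("vulnerable reflects raw markup:", reflectsUnencoded(renderSearchVulnerable, PROBE));
console.log("hardened reflects raw markup:  ", reflectsUnencoded(renderSearchHardened, PROBE));
console.log("hardened output:", renderSearchHardened(PROBE));
```

The encoding shown covers HTML text and quoted attribute contexts only; values placed inside script blocks, URLs or CSS need the encoding for that context.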
Capabilities and Risk
- Worst case: RCE (see the Hipchat reference below)
How does one detect exploitation of this vulnerability, or detect its presence?
What are some of the ways to fix this vulnerability?
- XSS to RCE in Hipchat: http://maustin.net/2015/11/12/hipchat_rce.html
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write-up
A write-up on how this vulnerability can be exploited, with demo code or screenshots