How the Anchor Tag Can be Used for Reflected XSS Attacks

This is possible when user-supplied input is used to build the link itself. Imagine a page, http://site.com/redirect.php?target=google.com, which shows one of those “You are leaving site.com, we’re not responsible… click here to …” notices. It may put part of your URI (the target parameter) into the HTML code.

If you try to break out of the href attribute with google.com"%20onclick="alert(document.cookie) as the target value, you could form the following:

<a href="http://google.com" onclick="alert(document.cookie)">

Of course, there are many ifs, but it can be done.
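The reflection described above, next to two server-side fixes, as an added example that is not code from the original post. The function names and the assumption that redirect.php prefixes the parameter with http:// are hypothetical.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

// Vulnerable: the target parameter is concatenated into the attribute as-is,
// so a double quote in the value closes href and starts a new attribute.
function render_link_unsafe(string $target): string
{
    return '<a href="http://' . $target . '">Continue</a>';
}

// Output encoding: quotes become &quot; / &#039; and stay inside the href value.
// The scheme is fixed by the code here, so the input cannot change it.
function render_link_encoded(string $target): string
{
    $href = htmlspecialchars('http://' . $target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '">Continue</a>';
}

// Validation plus encoding: accept only a bare host name, reject anything else.
function render_link_safe(string $target): ?string
{
    if (!preg_match('/\A[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?\z/i', $target)) {
        return null; // caller shows an error page instead of a link
    }
    return render_link_encoded($target);
}

// Constructed inputs: a benign value, and the value from the text after the
// web server has URL-decoded it (%20 becomes a space).
$samples = [
    'google.com',
    'google.com" onclick="alert(document.cookie)',
];

foreach ($samples as $s) {
    echo "input:     ", $s, "\n";
    echo "unsafe:    ", render_link_unsafe($s), "\n";
    echo "encoded:   ", render_link_encoded($s), "\n";
    echo "validated: ", render_link_safe($s) ?? '(rejected)', "\n\n";
}
```

For the second input, the unsafe renderer produces the anchor tag shown above, the encoded renderer keeps the whole string inside href, and the validating renderer rejects it.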
