Reflected XSS

The malicious string originates from the victim’s request.

Example

  1. The attacker crafts a URL containing a malicious string and sends it to the victim.
http://website/search?keyword=<script>...</script>
  2. The victim is tricked by the attacker into requesting the URL from the website.
GET http://website/search?keyword=<script>...</script>
  3. The website includes the malicious string from the URL in the response.
<!-- the original website code would look like this -->
<p>you searched for</p>
<!-- pseudocode: the server side generates this line from the query string, without escaping -->
<p>request.query['keyword']</p>
<!-- the HTML sent to the victim then becomes -->
<p>you searched for</p>
<p><script>...</script></p>
  4. The victim’s browser executes the malicious script inside the response, which can then, for example, send the victim’s cookies to the attacker’s server.
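
The steps above as an added example (not code from the original page): the same search handler written once the way step 3 describes and once with HTML escaping, plus a regression check that tells the two apart. The function names and the canary string are assumptions made for this illustration; the sample URL reuses the page's placeholder payload.

```javascript
// Constructed sample request, using the page's placeholder payload.
const SAMPLE_URL = "http://website/search?keyword=<script>...</script>";

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the (percent-decoded) keyword parameter from the request URL.
function getKeyword(requestUrl) {
  return new URL(requestUrl).searchParams.get("keyword") || "";
}

// Vulnerable: the decoded query value is placed into the HTML as-is,
// so markup in the URL becomes markup in the response (step 3).
function renderSearchVulnerable(requestUrl) {
  return `<p>you searched for</p>\n<p>${getKeyword(requestUrl)}</p>`;
}

// Hardened: the value is HTML-escaped at output time, so the browser
// displays it as text instead of parsing it as a script element.
function renderSearchHardened(requestUrl) {
  return `<p>you searched for</p>\n<p>${escapeHtml(getKeyword(requestUrl))}</p>`;
}

// Regression check for any render function: send a harmless canary that
// contains markup characters and report whether it comes back unescaped.
function reflectsUnescaped(render) {
  const canary = '<canary-7f3a q="1">'; // constructed marker, not a payload
  const url = "http://website/search?keyword=" + encodeURIComponent(canary);
  return render(url).includes(canary);
}

console.log(renderSearchVulnerable(SAMPLE_URL));
console.log(renderSearchHardened(SAMPLE_URL));
console.log("vulnerable reflects raw markup:", reflectsUnescaped(renderSearchVulnerable));
console.log("hardened reflects raw markup:", reflectsUnescaped(renderSearchHardened));
```

Escaping here targets HTML text content; a value written into a script block, a URL attribute or a style needs the encoding for that context instead.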