eval or similar function
Imagine the following PHP code for a welcome page.
The GET variable is added to the web page without any cleaning, which can be exploited.
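A welcome page of the kind described above, as an added example that is not code from the original page: the unencoded output sits next to a version that encodes the name for the HTML context. The function names and sample inputs are assumptions, and the functions take the query array as a parameter (pass `$_GET` in a real request) so the script also runs from the command line.

```php
<?php
// Added example: function names and sample values are assumptions,
// not taken from the original page.

// Vulnerable: the value of ?name= is concatenated into the HTML as-is,
// so any markup in the parameter becomes part of the page.
function render_welcome_vulnerable(array $query): string
{
    $name = $query['name'] ?? 'guest';
    return '<h1>Welcome ' . $name . '</h1>';
}

// Hardened: the value is encoded for the HTML context at output time.
function render_welcome_hardened(array $query): string
{
    $name = $query['name'] ?? 'guest';
    // ?name[]=x arrives as an array; fall back instead of passing it on.
    if (!is_string($name)) {
        $name = 'guest';
    }
    // ENT_QUOTES also encodes ' and ", which matters if the value is
    // ever moved into an attribute; ENT_SUBSTITUTE handles invalid UTF-8.
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Welcome ' . $safe . '</h1>';
}

// Constructed sample inputs for the name parameter.
$samples = [
    ['name' => 'Alice'],
    ['name' => '<script>alert(1)</script>'],
];

foreach ($samples as $query) {
    echo 'input:      ', $query['name'], PHP_EOL;
    echo 'vulnerable: ', render_welcome_vulnerable($query), PHP_EOL;
    echo 'hardened:   ', render_welcome_hardened($query), PHP_EOL, PHP_EOL;
}

// Array-valued parameter (constructed), handled by the hardened version only.
echo 'array case: ', render_welcome_hardened(['name' => ['x']]), PHP_EOL;
```

Encoding on output is specific to where the value lands: `htmlspecialchars` covers HTML text and quoted attributes, not values placed inside a `<script>` block or a URL.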
Try to modify the name parameter to see what happens.
Now let's look at what happened when we tried to inject some script.
There are many ways to do that,
Now that you have code execution, what can you do?
- You can submit forms on behalf of the user.
- You can look for secrets on the page and exfiltrate them to your server.
- You can modify how a website behaves.
If you want to learn more about XSS and how to defeat protections you can take a look at our >.