Ajax Security: Dangerous Use of Eval XSS

Unvalidated user-supplied data is used in conjunction with a JavaScript eval() call. In a reflected XSS attack, an attacker can craft a URL containing the attack script and store it on another website, email it, or otherwise trick a victim into clicking on it.

Goal: 

Here we will craft an XSS attack that takes advantage of the eval() function. The goal is to trigger alert(document.cookie).

eval('123')

-- Add malicious code

 

('); 

Step by step Guide

1. Enter the code below into the Digital Access Code field.

123');

alert(document.cookie);

(' 

2. The XSS payload is successfully injected into the website.
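The following is an added example, not code from the lesson application: it rebuilds the eval('...') pattern shown above with the input from step 1, then shows two mitigations (an allowlist check and encoding the value as a string literal without eval). The helper names, the 1-10 digit format for an access code, and the sample cookie value are assumptions made for illustration.

```javascript
// Added example. Helper names and the sample cookie are constructed for illustration.
const PAGE_INPUT = "123');\nalert(document.cookie);\n('"; // value entered in step 1

// Vulnerable pattern: the field value is concatenated between the quotes of eval('...').
function buildVulnerable(field) {
  return "eval('" + field + "');";
}

// Mitigation 1: allowlist. An access code is assumed to be 1-10 digits.
function isValidAccessCode(field) {
  return /^[0-9]{1,10}$/.test(field);
}

// Mitigation 2: no eval, and the value is encoded as a JavaScript string literal.
// JSON.stringify escapes quotes, backslashes and newlines; "<" is escaped as well
// so the literal cannot close a surrounding <script> element.
function buildHardened(field) {
  const literal = JSON.stringify(String(field)).replace(/</g, "\\u003c");
  return "var accessCode = " + literal + "; return accessCode;";
}

// Runs a generated script with stand-ins for alert() and document, so the
// effect can be observed outside a browser. Returns what alert() was given.
function runWithStubs(script) {
  const alerts = [];
  const stubAlert = (msg) => { alerts.push(String(msg)); };
  const stubDocument = { cookie: "session=constructed-sample" };
  const result = new Function("alert", "document", script)(stubAlert, stubDocument);
  return { alerts, result };
}

function demo() {
  const vulnerable = runWithStubs(buildVulnerable(PAGE_INPUT));
  const hardened = runWithStubs(buildHardened(PAGE_INPUT));
  return {
    vulnerableAlerts: vulnerable.alerts,   // the injected statement ran
    hardenedAlerts: hardened.alerts,       // nothing ran
    hardenedValue: hardened.result,        // the input survived only as data
    accepted: isValidAccessCode(PAGE_INPUT),
    acceptedBenign: isValidAccessCode("123"),
  };
}

console.log(demo());
```

In the vulnerable build the quote in the input ends the string early, so the second statement executes as code; in the hardened build the same characters stay inside one string literal.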

 

 

 

 
