# Intro

- There are two types of `Non-Persistent XSS` vulnerabilities:
  - `Reflected XSS`, which gets processed by the back-end server
  - `DOM-based XSS`, which is completely processed on the client-side and never reaches the back-end server
- Unlike Persistent XSS, `Non-Persistent XSS` vulnerabilities are temporary and are not persistent through page refreshes
- `Reflected XSS` vulnerabilities occur when our input reaches the back-end server and gets returned to us without being filtered or sanitized
- There are many cases in which our entire input might get returned to us, like error messages or confirmation messages
- In these cases, we may attempt using XSS payloads to see whether they execute
- However, as these are usually temporary messages, once we move from the page

![[images/Pasted image 20251212201241.png]]

# Executing the attack

- To target a user, we can send them a URL containing our payload
- To get the URL, we can copy the URL from the URL bar in Firefox after sending our XSS payload, or we can right-click on the `GET` request in the `Network` tab and select `Copy>Copy URL`

![[images/Pasted image 20251212201419.png]]

- Once the victim visits this URL, the XSS payload would execute

# Exercise

- Try the test alert payload

```html
<script>alert(window.origin)</script>
```

![[images/Pasted image 20251212201613.png]]

![[images/Pasted image 20251212201625.png]]

- Try the cookie leak payload

```html
<script>alert(document.cookie)</script>
```

![[images/Pasted image 20251212201640.png]]

![[images/Pasted image 20251212201700.png]]

![[images/Pasted image 20251212201713.png]]
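
The reflection described in the intro, next to the output encoding that stops it, as an added example that is not part of the original notes. The function names, the `task` parameter, the error-message template and the `app.example` URL are assumptions made for illustration.

```javascript
// Added example: hypothetical back-end helpers, not code from the original notes.

// The five characters that let text break out of an HTML text node
// or a quoted attribute value, with their entity encodings.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the request parameter is concatenated into the response as-is,
// so any markup it carries becomes part of the returned page.
function renderErrorVulnerable(task) {
  return `<div class="error">Task '${task}' could not be added.</div>`;
}

// Hardened: the parameter is encoded at the point of output, so the browser
// displays it as text instead of parsing it as markup.
function renderErrorHardened(task) {
  return `<div class="error">Task '${escapeHtml(task)}' could not be added.</div>`;
}

// Read the parameter from a GET URL the way a back end would before reflecting it.
function taskFromUrl(url) {
  return new URL(url).searchParams.get('task') ?? '';
}

// Constructed sample: the test alert payload from the exercise, carried in a
// GET parameter on a placeholder host.
const sampleUrl =
  'http://app.example/?task=' +
  encodeURIComponent('<script>alert(window.origin)</script>');

const reflected = taskFromUrl(sampleUrl);
console.log('vulnerable:', renderErrorVulnerable(reflected));
console.log('hardened:  ', renderErrorHardened(reflected));
```

In the hardened response the payload arrives as `&lt;script&gt;...`, so the error message shows the literal text and no alert box appears.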