Hi!
I have been tasked to do penetration testing on an in-house web application. I have to use the OWASP ZAP penetration testing tool. This tool gave a report which says there are DOM-based XSS vulnerabilities.
It gave a sample attack:
I would like to simulate this attack in the web browser since it is a GET request. What I did was to do a URL decode of the string after login_error=1, which gave me this:
and I appended it after login_error=1 in the address bar and hit Enter. It did not pop up an alert as I had hoped.
Can anyone tell me how I could simulate this XSS?
Thanks in advance.