https://github.com/johnib/xss-example
cross-site scripting example
- Host: GitHub
- URL: https://github.com/johnib/xss-example
- Owner: johnib
- Created: 2016-09-07T17:44:15.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2016-09-08T07:48:13.000Z (almost 10 years ago)
- Last Synced: 2025-02-07T03:29:21.551Z (over 1 year ago)
- Language: JavaScript
- Size: 10.7 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Cross-Site Scripting Simple Example
## Abstract
Many websites allow people to add comments, usually at the bottom of the page.
Accepting user input comes with the responsibility to validate that input and
eliminate any chance of scripts running in other users' browsers.
## Install
```
npm install
```
## Run
```
node webserver.js
node listener.js
```
## This project
This project is a simple example of a website that allows adding and viewing
comments.
It comes with two versions:

1. XSS-proof: `http://localhost:3000/`
2. XSS-vulnerable: `http://localhost:3000/xss`

If you submit malicious code as a comment to the vulnerable endpoint, you'll
notice that the code actually executes once the page is reloaded.
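The difference between the two endpoints comes down to how stored comment text is written back into the page. The following is an added example, not code from this repository: the function names and sample comments are constructed for illustration, and it assumes comments are rendered as HTML element content.

```javascript
// Added illustration; not code from the johnib/xss-example repository.
// Comments as they might be stored by the app (constructed sample data).
const comments = [
  { author: "alice", text: "Nice post!" },
  { author: "mallory", text: '<script>console.log("xss")</script>' },
  { author: "bob", text: '<img src=x onerror="console.log(1)"> & "quotes"' },
];

// Vulnerable: stored text is concatenated into the page as-is, so any markup
// inside a comment is parsed as HTML by every visitor's browser.
function renderVulnerable(list) {
  return list.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join("\n");
}

// Encode the five characters that can change the HTML parsing context.
// The replace is a single pass, so an emitted "&amp;" is never re-encoded.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: every user-controlled field is encoded at output time, so the
// browser displays the markup as text instead of executing it.
function renderSafe(list) {
  return list
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

console.log("vulnerable:\n" + renderVulnerable(comments));
console.log("escaped:\n" + renderSafe(comments));
```

Encoding at output time covers element content and quoted attribute values only; user input placed inside a `<script>` block, an event-handler attribute or a URL needs context-specific encoding.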
## How to demo
I have added two examples:
1. LocalStorage theft.
2. Keylogging.
Open `demo-scripts.html`. Each of the scripts should be tested separately
(meaning: clean the db file and restart the webserver between tests).