I have a textbox which is used for searching the data within the site. What my client wants that, 1)Enter any text in the search field and click the search symbol. 2)The request going to the server using a web proxy tool like "Burp" 3)Append
the parameter with the script present as "test<~script>confirm(123)<~/script>" what happens here is
The XSS script entered by the advesary gets reflected in the response without any input. Please see the image below you will get an idea:-
Guys, let me know if you need any more information related to it. Please help guys, Any help would be appreciated. I want to stop the attack from server side.