Testing for JavaScript execution
JavaScript injection is a subtype of XSS attack specific to the arbitrary injection of JavaScript. Vulnerabilities in this area can affect sensitive information held in the browser, such as user session cookies, or can lead to the modification of page content, allowing script execution from attacker-controlled sites.
Getting ready
We will use the OWASP Mutillidae II Password Generator exercise to determine whether the application is susceptible to JavaScript XSS attacks.
How to do it...
- Navigate to OWASP 2013 | A1 - Injection (Other) | JavaScript Injection | Password Generator:
Figure 9.24 – Password Generator lesson