Reflected XSS
Reflected XSS occurs when user input is immediately returned in an HTTP response without proper encoding.
Common injection points
- Search parameters
- Error messages
- URL path segments
Testing approach
- Inject a unique canary string (e.g.
xsspayloads123) - Check if the canary appears unencoded in the response
- Escalate to event handlers or script tags based on context
Example payload
<script>alert(document.domain)</script>
Always obtain written authorization before testing.