Reflected XSS

A reflected XSS is possible because a server echoes (or "reflects") client input (e.g., query string parameters) back to the client in its response. If such input contains an unsanitized script and is rendered as HTML, XSS is possible.

Let us look at the following code:

const express = require('express');

let app = express();

// Function to handle the root path
app.get('/', async function(req, res) {

    let username = req.query.username;

    // Reflect the query parameter straight back into the response body.
    // res.send() with a string sets Content-Type: text/html, so the
    // unescaped value is rendered as markup by the browser.
    res.send('Hello! ' + username);
});

let server = app.listen(8080, function() {
    console.log('Server is listening on port 8080');
});

The original purpose is to output a welcome sentence when the following URL is requested.

http://localhost:8080/?username=cao

However, if an adversary crafts a URL such as the following and sends it to a victim, the victim's browser renders the reflected value as HTML and executes the script, so the victim is subject to XSS.

http://localhost:8080/?username=<script>alert(1)</script>