XSS Reflected AJAX JSON Low Security Level
XSS - Reflected (AJAX/JSON) Low Security Level Solution:

*Note: I am using the BurpSuite pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the steps below.

Step 1. Enter ' and check how the results change.

Step 2. Give any input of your choice and forward the request through BurpSuite.
Check URL - http://localhost/bWAPP/xss_ajax_2-1.php
Check BurpSuite results - GET /bWAPP/xss_ajax_2-2.php?title=PseudoTime HTTP/1.1

Step 3. Add the script below in place of the input you have given - follow the steps as shown in the video.
***Note: As YouTube doesn't allow angle brackets in the Description section, they are replaced with ( )
a. (script)alert(document.cookie)(/script)
b. Right click and send the request to the Repeater tab
c. Click on Send and check the Response
d. Right click on the page and select - Request in browser - In original session
e. Copy and turn off the intercept
f. Go to the web browser, open a new tab and paste the copied details
g. Note the cookie details are displayed; click on OK and the error will be displayed

Step 4. Try to replace the script with other scripts, following the steps as shown in the video.
E.g. (script)prompt('Please enter your name.')(/script)

Explore the lesson with other scripts.

PseudoTime
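The steps above work because the value of title comes back unescaped in a response the browser renders when the URL is opened directly. As an added example (not bWAPP source code and not from the video), the sketch below puts a weak JSON handler beside a hardened one; the function names, the "not found" message and the HTML content type on the weak form are assumptions made for illustration.

```javascript
// Added example: hypothetical handler logic, not bWAPP source code.
// Both functions model a JSON endpoint that reflects a `title` parameter.

// Weak form: raw concatenation, served with an HTML content type, so
// markup in `title` is parsed when the URL is opened directly in a browser.
function weakResponse(title) {
  return {
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: '{"response":"' + title + ' not found"}', // constructed message
  };
}

// Escape characters that would let JSON text be read as HTML or break a
// script context if the body is ever rendered instead of parsed.
function escapeJsonForWeb(json) {
  return json.replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened form: serializer-built body, JSON content type, sniffing disabled.
function hardenedResponse(title) {
  const body = escapeJsonForWeb(JSON.stringify({ response: title + ' not found' }));
  return {
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body,
  };
}

// True when a browser navigating to the URL would parse reflected markup.
function rendersReflectedMarkup(resp) {
  const isHtml = /^text\/html/i.test(resp.headers['Content-Type']);
  return isHtml && /<[a-z!\/]/i.test(resp.body);
}

// Input from step 3a, with the angle brackets restored.
const sample = '<script>alert(document.cookie)</script>';
const weak = weakResponse(sample);
const hard = hardenedResponse(sample);
console.log('weak    :', rendersReflectedMarkup(weak), weak.body);
console.log('hardened:', rendersReflectedMarkup(hard), hard.body);
```

The hardened body still parses back to the original string with JSON.parse, so an AJAX client that inserts it via textContent sees the same data without the markup ever being interpreted.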