XSS question, JavaScript doesn't work

Question:

I decided to understand the essence and mechanism of XSS. I wrote a simple HTML page:

<html>
 <head>
      <title>
           xss
      </title>
 </head>
 <body>
      <H1>
           test
      </H1> <br />
      <?php
          echo $_GET['in'];
      ?>         
  </body> 
</html>

If I request it like

.../index.php?in=string

then it outputs the string I passed, but if I try to write a script

.../index.php?in=<script>alert('xss here')</script>

then nothing happens.

What am I doing wrong?

PS: JavaScript is enabled in the browser

Answer:

Most likely, you are using Chrome: the Chrome XSS Auditor handles such simple reflected XSS, in which case messages about blocking script execution will be displayed on the "Console" tab of the developer panel.

But keep in mind that Chrome will not necessarily protect against any reflected XSS; you can still browse the search results for "chrome xss auditor bypass".

I think this game from Google, where you can get acquainted with different types of XSS, will be of interest to you.
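The server-side fix for the page in the question, as an added example that is not part of the original post: the parameter is HTML-encoded on output and a Content-Security-Policy header is sent, so the page's safety does not depend on a browser filter such as the XSS Auditor. The helper name `h` and the specific policy values are assumptions chosen for illustration.

```php
<?php
// Added example: hardened version of the question's index.php.
// The vulnerable original was:  echo $_GET['in'];

// Headers must be sent before any output.
// The CSP forbids inline <script> blocks and inline event handlers,
// so injected markup cannot run even if an encoding step is missed somewhere.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
// Declare the charset explicitly so the browser does not guess the encoding.
header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');

// Encode a value for the HTML body or a quoted attribute value.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the parameter defensively: a request such as ?in[]=x makes
// $_GET['in'] an array, and a missing parameter would raise a notice.
$in = $_GET['in'] ?? '';
if (!is_string($in)) {
    $in = '';
}
?>
<!DOCTYPE html>
<html>
 <head>
  <title>xss</title>
 </head>
 <body>
  <h1>test</h1> <br />
  <?php echo h($in); ?>
 </body>
</html>
```

With this version, the request from the question renders the text `<script>alert('xss here')</script>` literally on the page, because the angle brackets and quotes are emitted as HTML entities.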
