XSS

Cross-site Scripting can be classified into three major categories — Stored XSS, Reflected XSS, and DOM-based XSS.

Reflected XSS

/index.php?lang= site: ( domain name)

/index.php?page= site: ( domain name)

/search?query= site: ( domain name)

/search?keyword= site: ( domain name)

inurl:".php?searchstring="

Keyword : myteacherlove

Step 1 :       [search any keyword]

Step 2:             [reflect the keyword in html tag in source code ]

Step 3:    push this code on search bar [<script>alert("this website is hacked")</script>"]

You get a popup page that means that website can hack hackers.