XSS for Dummies — Injection Attack Series

Vanessa Morales
3 min read · Jan 16, 2020

What the heck is Cross Site Scripting (XSS)?

Well, OWASP, one of my go-to sites for information, defines XSS as a

“type of injection, in which malicious scripts are injected in otherwise benign and trusted websites.”

(https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))

So, what does that mean? Basically, the attacker gets malicious code delivered to a user of the web application in the form of a browser-side script, and the user's web browser has NO idea that it is bad code because it appears to come from a trusted website.


What can an attacker get from XSS? An attacker is after something that benefits them: with XSS they can read session tokens, cookies, and plenty of other information that no one wants the whole universe to know about.
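To make that concrete, here is an added example (not code from the original post) of the blog-comment situation this series talks about: the same stored comments rendered once by splicing user text straight into the page and once with HTML escaping. The function and variable names and the two sample comments are constructed for this illustration.

```javascript
// Added example, not from the original post. All names here
// (SAMPLE_COMMENTS, renderCommentUnsafe, escapeHtml, renderCommentSafe,
// containsScriptTag, renderPage) are hypothetical.

// Constructed sample comments, as a blog might have stored them.
const SAMPLE_COMMENTS = [
  { author: 'alice', body: 'Loved the twist in chapter 12 <3' },
  // A "comment" that carries a script instead of a book review.
  { author: 'mallory', body: '<script>alert(1)</script>' },
];

// Vulnerable: user-controlled text is spliced straight into the HTML, so a
// <script> inside the body becomes a real <script> element that every
// reader's browser runs as if the blog itself had sent it.
function renderCommentUnsafe(c) {
  return `<li><b>${c.author}</b>: ${c.body}</li>`;
}

// Escape the characters that let plain text change HTML structure.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Hardened: every untrusted field is escaped at output time, so the same
// comment reaches readers as inert text that is displayed, not executed.
function renderCommentSafe(c) {
  return `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`;
}

// Crude test-time check over the rendered page (not a defence in itself):
// does any raw <script tag survive in what we are about to send?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

function renderPage(comments, render) {
  return `<ul>${comments.map(render).join('')}</ul>`;
}

console.log(containsScriptTag(renderPage(SAMPLE_COMMENTS, renderCommentUnsafe))); // true
console.log(containsScriptTag(renderPage(SAMPLE_COMMENTS, renderCommentSafe)));   // false
```

Note that escaping also turns alice's harmless `<3` into `&lt;3`, which the browser still displays as "<3"; output escaping costs nothing for benign comments and neutralises the script-bearing one.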

There are two types of XSS:

Server XSS and Client XSS

(https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting)

Server XSS consists of Stored XSS, and Client XSS consists of Reflected and DOM-based XSS.

Stored XSS: What is it and why is it even important to know?

Let’s say you’re adding a comment on book club blog to someone who reviewed a book that…
