The terrifying world of Cross-Site Scripting (XSS) (Part 1) — StackZero
Cross-site scripting (XSS) is a cyber-attack where the cybercriminal injects malicious code into an already trustworthy and valid application or website so that the web browser can execute a properly crafted payload. Since the victim’s browser believes the code is from a legitimate source, it will run and execute it. The attacker’s purpose might be to acquire entry to a user’s data, such as any cookies or authentication information, to disguise as the user to do certain activities in the application, or to redirect users to a malicious website that they operate.
Before starting here a list of related articles for a quick navigation:
- The terrifying world of Cross-Site Scripting (XSS) (Part 1)
- The terrifying world of Cross-Site Scripting (XSS) (Part 2)
- XSS in practice: how to exploit XSS in web applications
- Reflected XSS DVWA — An Exploit With Real World Consequences
- How to exploit a stored XSS vulnerability on DVWA
- How to exploit DOM XSS on DVWA
Types of Cross-Site Scripting Attacks
We can classify Cross-site scripting attacks into three different types: reflected, stored, and DOM-based.
