Member-only story
XSS for beginners…
Cross-site scripting is a classic well-known type of attack that is possible because some software applications take user input in an insecure way. This happens via search fields, survey forms, cookies, and online web forms.
Types → Reflected XSS, Stored XSS, and DOM XSS.
- Reflected XSS → This attack occurs when a malicious script is reflected in the website’s results.
For Instance,
An attacker gives your web application JavaScript tags on input(<script type=’text/javascript’>alert(‘Possible XSS’);</script>
When this input is returned to the user unsanitized, the user’s browser will execute it. It can be as simple as crafting a link and inducing a user to click it, or it can be something much more dangerous. On page load, the script runs and, can be used to post your cookies to the attacker.
While visiting a forum site that requires users to log in to their account, a person executes this search query causing the following things to occur:
1. The query produces an alert box saying: “possible XSS”.
2. The page displays: “<script type=’text/javascript’>alert(‘XSS’);</script > not found.”
3. The page’s URL reads https://abcd?q=<script type=”text/javascript”>alert(‘XSS’); </script>
