Cross-Site Scripting (XSS)
XSS
It is one of the most common application-layer web attacks. XSS vulnerabilities target scripts embedded in a page that are executed on the client side.
The concept of XSS is to manipulate the client-side scripts of a web application so that they execute in the way the attacker intends. Such a manipulation can embed a script in a page that is executed every time the page is loaded, or whenever an associated event is triggered.
XSS can be classified into three types:
1. Stored XSS (Persistent XSS)
2. Reflected XSS
3. DOM-based XSS
Stored XSS
The most damaging type of XSS is Stored XSS. An attacker uses stored XSS to inject malicious content, most often JavaScript code, into the target application through the request payload. If there is no input validation, this malicious code is permanently stored in the database.
So, when a victim opens the affected web page in a browser, the browser processes the stored content and executes the XSS payload.
Reflected XSS
This is the most common type of XSS. In this case the attacker's payload has to be part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request.
DOM-based XSS
It is an advanced XSS attack. It is possible if the web application's client-side scripts write data provided by the user to the DOM. The data is subsequently read from the DOM by the web application and output to the browser. If the data is incorrectly handled, an attacker can inject a payload, which will be stored as part of the DOM and executed when the data is read back from the DOM.
Please note that this attack happens completely on the client side and the payload is never sent to the server. This makes it even more difficult for a WAF and for security engineers to detect.
The DOM objects that are most often manipulated include the URL (document.URL), the fragment part of the URL (location.hash) and the referrer (document.referrer).
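The DOM-based pattern described above, reduced to pure functions so it runs under Node without a browser (an added example, not code from the original post). The function names, the `#name` fragment format and the sample fragments are assumptions made for the illustration; the vulnerable idiom it mirrors is `el.innerHTML = "Hello " + location.hash.slice(1)`.

```javascript
// Added example: DOM-based XSS source (location.hash) flowing into an
// HTML-interpreting sink (innerHTML), beside two defensive variants.
// Function names and sample inputs are constructed for this illustration.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// HTML entity encoding for text placed inside an element body.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Strip the leading '#' and decode, as a page would when reading location.hash.
function nameFromFragment(fragment) {
  return decodeURIComponent(fragment.replace(/^#/, ""));
}

// Vulnerable: user-controlled fragment is concatenated straight into markup.
// This string is what would be assigned to el.innerHTML in the page.
function buildGreetingUnsafe(fragment) {
  return "<p>Hello " + nameFromFragment(fragment) + "</p>";
}

// Hardened (option 1): same template, but the value is entity-encoded first,
// so markup characters render as text instead of being parsed as HTML.
function buildGreetingSafe(fragment) {
  return "<p>Hello " + escapeHtml(nameFromFragment(fragment)) + "</p>";
}

// Hardened (option 2): avoid the HTML sink entirely and write via textContent.
// `el` is any element-like object; in a browser it would be a real DOM node.
function renderToElement(el, fragment) {
  el.textContent = "Hello " + nameFromFragment(fragment);
  return el;
}

// Coarse defender-side check used by the test below: does the generated
// markup contain any tag other than the template's own <p>? (A heuristic
// for demonstrating the difference, not a sanitizer.)
function containsInjectedMarkup(html) {
  return /<\/?(?!p\b)[a-z]/i.test(html);
}

// Constructed sample fragments: a benign name and one carrying a script tag.
const BENIGN_HASH = "#Alice";
const HOSTILE_HASH = "#%3Cscript%3E/*injected*/%3C/script%3E";
```

Only the encoded or textContent paths keep the injected `<script>` element out of the page; the unsafe builder hands it to the HTML parser unchanged.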
Cross-site scripting is a very old technique, but XSS vulnerabilities remain one of the most common on the web. They are still listed by the Open Web Application Security Project (OWASP) as one of the Top 10 security risks.