Cross-site Scripting (XSS)
Cross-site Scripting (XSS) is an attack by injection of code on the client-side. The attacker attempts to execute fake scripts in a victim’s web browser by injecting malicious code into a valid web application or web page. The real attack occurs as the user enters the malicious code running a web application or a web page. The web application or web page turns into a vehicle to convey the pernicious content to the user’s browser. Vulnerable vehicles that are normally utilized for cross-site Scripting assaults are message boards, forums, and web pages that permit comments.
Cross-Site Scripting (XSS) attacks take place:
- Data reaches a Web application from an untrusted source, most likely from a web request.
- The information is used in the complex stuff that is submitted to a web customer for malicious content without validity.
This types of assaults based on XSS is practically boundless, however, they regularly incorporate transmitting private information, such as cookies or other data, to the assailant, diverting the victim to web content managed by the attacker, or performing the different operations related to malicious on the machine of the user under the appearance of the vulnerable site.
Reflected and Stored XSS Attacks
XSS attacks can normally be sorted into two classes: reflected and stored. There is a third, a considerably less notable kind of XSS attack called DOM Based XSS that is mentioned here separately.
Reflected XSS Attacks
Reflected attacks are ones in which the injected script is reflected from the web server, for instance in an error message, search result, or some other reply that contains any or all of the feedback sent to the server as part of the request. Reflected attacks are transmitted by another path to users, such as through an e-mail address, or some other page. The injected malware transfers to the compromised website if a user is tricked into clicking a malicious connection, uploading a specially built form, or even simply browsing a malicious website, representing the attack back to the browser of the user. Then the user runs the code as it arrived from a “trusted” server. Reflected XSS is sometimes called Type-II XSS or Non-Persistent, too.
Stored XSS Attacks
Stored attacks are those that permanently store the injected script on the targeted machine, such as in a message forum, database, comment area, visitor log, etc. The user then picks up the server’s malicious script as it demands the stored information. Stored XSS is sometimes also called Type-I XSS or Persistent.
DOM Based XSS
Aside from Reflected and Stored XSS, Amit Klein identified another type of XSS, DOM Based XSS in 2005. OWASP proposes the XSS categorization as defined in OWASP Article: Cross-Site Scripting Styles covering all of these XSS concepts, arranging them into a Reflected vs. Stored XSS and Client XSS vs. Server matrix, where DOM Based XSS is a Client XSS subset.
XSS Attack Consequences
The result of an XSS attack seems to be the same, regardless of whether it is reflected or stored (or DOM Based). The distinction lies in how the payload gets to the computer. Should not be misled into believing that a platform called a “brochureware” or “read-only” is not vulnerable to serious XSS attacks. XSS can create a number of end-user problems that vary in severity from an inconvenience to finishing a compromised account. The most severe XSS actions target disclosing the session cookie of the user, enabling an attacker to steal the session of the user and take over the account. Many destructive attacks include the installation of Trojan horse applications, exposing end-user files, redirecting the user to some other website, or platform or modifying content delivery. An XSS vulnerability that allows an attacker to change a press release or news article can influence the stock price of a business, or decrease customer trust. A vulnerability of XSS on a pharmaceutical site could permit an attacker to adjust dose data bringing about an overdose.
How you know If You Are Vulnerable
How to Protect Yourself
The OWASP XSS Security Cheat Sheet outlines the key protections against XSS.
Many institutions have developed a series of modular security modules in several languages including validation and escape routines to avoid parameter manipulation and XSS attack injection. CISSP training is very effective for the protection against these attacks.