Understanding Cross-Site Scripting (XSS) Attacks
Cross-site scripting (XSS) is a security flaw or vulnerability that cause when the attacker executes malicious code into a webpage. Through this code, an attacker can get unauthorized access to data.
Sometimes, these attacks cause a fair part of the website because they are also parameters on the original URL.
This article will cover the different types of Cross-site scripting (XSS) attacks.
Types Of XSS Attacks:
These are majorly and widely used types of Xss attacks that are:
- Reflected XSS
- Stored XSS
- DOM-Based XSS
- Blind XSS
- Mutated XSS
- Self-XSS
- Document Object Model (DOM) Clobbering
- Cross-Site Tracing (XST)
- Type-0 XSS
- HTTP Parameter Pollution (HPP)
There are various types of Cross-site scripting (XSS) attacks that can be used in different forms in a bid to steal users' sensitive data and personal information. The intention or motive to use this attack is by any input medium to send malicious code to the application. Below we'll see some of them with examples.
Reflected XSS Attacks:
This is the most commonly used type of attack, through which the attackers can generate a malicious link or URL using the website and add the malicious code as a URL quarry or parameter.
javascripthttps://webapp.com/?keyword=<script>alert("You've been hacked")</script>
The attacker takes the compromised or vulnerable URL and sends it to a particular user or a number of users through phishing emails.
Unsuspicious users click on the link in the mail and open it in their browser. The code in the URL quarry or parameter runs on the website and executes the malicious intentions that attackers want.
Modern web browsers such as Chrome now check for URLs with script tags like what we have done above. It detects that it's an XSS attack and counters it. So attackers now attempt to compress or shrink the links using link shorteners, that's why, the parameter is not explicitly displayed as part of the link. Or, they encode the params in base64 or whatever format that does not display the script tag and inner code.
Stored XSS Attacks:
This type of attack takes a different approach. The attack is initiated from inside the website itself. It simply sends a piece of JavaScript code to the database using a regular input tag. The attacker goes to the website and looks for any input that can send data to the server like comment sections, search bars, or even forms. Then, instead of sending regular text, the attackers send malicious code inside a script tag.
javascript<script>alert("you've been hacked")</script>
We then store the piece of code in the database. Whenever we call the data on the client side, the code is returned and runs, rather than just displaying it. For instance, the hacker can use this to get the user’s credentials in the local storage or cookies and send it to their own servers, thus compromising users' data.
DOM-Based XSS Attacks:
Similar to the reflected XSS attacks, this can be initiated using parameters in the URL. In this case, the script tag will contain a function that uses the DOM to get HTML elements on the webpage and manipulate the webpage by running its script. Let’s take a look at this code below:
javascriptwindow.onload = function () {
var searchResult = document.getElementById('searchResult');
searchResult.innerHTML = `You've been hacked` + searchResult;
}
We get the text whose ID is searchResult and replace it with a malicious text on load. This is added to the DOM using innerHTML.
Now, to add this code to the webpage, we will need to add it as a query parameter.
javascripthttps://webapp.com/?keyword=<script>window.onload = function () {var searchResult = document.g
0 Comments