XSS Attacks

User-provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Furthermore, when processing an HTTP request, a web server may copy user-provided data into the body of the HTTP response that is sent back to the user. This behavior is called a “reflection”. Endpoints reflecting tainted data could allow attackers to inject code that would eventually be executed in the user’s browser. This could enable a wide range of serious attacks like accessing/modifying sensitive information or impersonating other users

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it

Types of XSS

Reflected XSS

Stored XSS

BOM Based XSS

These videos explain the impact of vulnerability and exploitation

https://www.youtube.com/watch?v=IWbmP0Z-yQg

https://www.youtube.com/watch?v=TeIK1244sSk

https://www.youtube.com/watch?v=PRDO0ZjYGfc

https://www.youtube.com/watch?v=Vr8nSmDz5B4&list=PLsB1gqjeUAh_yEuLgtZ0ppLlExcYOL2Kp&index=2

https://www.youtube.com/watch?v=hWQ4LuwVAsg&list=PLsB1gqjeUAh_yEuLgtZ0ppLlExcYOL2Kp&index=3

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store