Cross Site Scripting (XSS) Attack Complete Guidance with Examples.

#1. What is Cross Site Scripting (XSS) Attacks ?

Cross Site Scripting (XSS) is a Code Injection attack executed on the client-side of the Web Application.

The client-side of a Web Application is usually the software that is used to interact with the Web Application and in most cases it is a Browser that is used to interact with Web Application.

So, In Cross Site Scripting (XSS) attack , we inject malicious code on to the Web Browser to make the Web Application do something that is Ideally not suppose to do. So, in this case (attack) the Attacker injects malicious script through web browser and what happens is , this malicious script execute on the Web Application after it injected on the web browser. The malicious script is executed when either the victim visits the web page or the web server. There are different types of Cross Site Scripting depending upon what kind Cross Site Scripting is being used. This attack is mainly used to steal Cookies, Session tokens, passwords and other sensitive information. Cross Site Scripting can also be used to Modify the contents of the Website , because XSS attack is a Code Injection attack , we can modify the contents of the website by injecting malicious code on to web server or the web browser.

#2 . How Cross Site Scripting Works ?

## Logic Behind the Cross Site Scripting Attacks…

Cross Site Scripting (XSS) is basically a Web Application Hacking Techniques , so we need a Website and a Web Server and a Victim. So, what happen when we ideally access a website , so we have a Laptop then we use a Internet Connection to access a web page may be, we interacted or send Data to the Web Application or enter the Data in the text box or even if we don’t there is some transaction of Data that happen between you and the Web Server through the Website. So, what happens is you sends a request to the web server through the website and the response send back to you through the web page. So, what happen in the XSS attack is a Hacker can inject a malicious code on the website which is then send either to the victim or to the server depending upon what kind Cross Site Scripting Hacker being used and when this happens , the malicious script is executed either when the victim visits a web page or when victim try to access a page or access some Data from the server and when all this is happening, a Hacker can inject a Code , which can be used to steal the credentials or any sensitive information. And by this logic , An Hacker can inject malicious script that can be used to steal the credentials or any other sensitive information of the victim either from the Web Browser or the Web Server. So, this is the Logic behind the Cross Site Scripting Attacks.

#3 . Types of Cross Site Scripting Attacks (XSS)

There are mainly three types of Cross Site Scripting attacks.

  • Reflected XSS (Non-persistent)
    • Script is executed on the victim side.
    • Script is not stored on the server.
  • DOM (Document Object Model) XSS
    • Client side attack. Script is not sent to the server.
    • Legitimate Server script is executed followed by Malicious script.
  • Stored XSS (Persistent)
    • Script is stored and executed on the server.
    • Executed every time the malicious site requested.

1 . Reflected Scross Site Scripting

In this types of attacks , the script is executed on the victim site and it is mainly executed on the browser. So, the script is send to the server or even it sends , depending upon API calls or the request, the script is not stored on the browser side. That this is know as Reflexted XSS , because the malicious is reflected on the victim side and it not really stored on the server.

2. Stored Cross Site Scripting

So, like we saw in the Reflected XSS , the data is not being stored on the web server. It is executed on the Web browser. Now in Stored XSS , what happen is this , the script is stored and executed on the server. So, there is a lot of web applications like Facebook.

Leave a Reply