Cross-Site Scripting (XSS) is a type of attack in which an attacker can insert and run client-side script in a web application. It occurs when the application does not validate or encode user input and shows it in the browser directly. JavaScript is the scripting language most commonly used in XSS attacks. Through it the attacker can read browser cookies and session data and use this information for wrong purposes, or may damage important information on the site.
There are 3 types of cross-site scripting.
1. Reflected XSS
2. Stored XSS
3. DOM-based XSS
1. Reflected XSS is also called non-persistent XSS, because the attacker's input is reflected back in the browser without being saved on the server. When the attacker submits a script, the data is immediately returned to the browser in the form of error messages, success messages, etc. For example, if we enter the script in the username field on the login page and an error occurs, the username is appended to the error message or response and runs in the browser.
2. Stored XSS attacks take place when the user input script (written by the attacker) is permanently saved on the server side and is later retrieved and rendered in the browser.
3. DOM-based XSS occurs on DOM elements. The attacker inserts the malicious script into a user input field, and this script is not reflected in the server response but is inserted into a DOM element as JavaScript code. The script runs when the page is rendered completely.
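The defence the first paragraph names, encoding user input before it is shown in the browser, applies to all three types. The following JavaScript is an added example, not code from the original article: it takes the article's login-error scenario (reflected), a list of saved comments (stored) and a client-side DOM write (DOM-based), and shows each one rendered unsafely and safely. Function names, the `HTML_ESCAPES` table and the sample input and comments are all constructed for the illustration.

```javascript
// Added example: output encoding as the defence against reflected, stored and
// DOM-based XSS. Not code from the original article; names and sample data
// are constructed.

// Map each HTML-significant character to its entity so user input is shown
// as text rather than parsed as markup.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected XSS scenario from the article: the submitted username is appended
// to a login error message and sent straight back to the browser.
function renderLoginErrorUnsafe(username) {
  // Vulnerable: raw input is concatenated into HTML, so any tags in it are parsed.
  return `<p class="error">Login failed for user ${username}</p>`;
}

function renderLoginErrorSafe(username) {
  // Fixed: the same message, but the input is encoded for an HTML body context.
  return `<p class="error">Login failed for user ${escapeHtml(username)}</p>`;
}

// Stored XSS scenario: comments saved on the server side and rendered later.
// Encoding is applied at render time, regardless of what was stored.
function renderCommentsSafe(comments) {
  return (
    "<ul>" +
    comments
      .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
      .join("") +
    "</ul>"
  );
}

// DOM-based XSS scenario: when client-side script writes user input into the
// page, assign it via textContent (treated as text) rather than innerHTML
// (parsed as markup). `el` is any element-like object exposing textContent.
function setUserTextSafe(el, text) {
  el.textContent = text;
  return el;
}

// Constructed sample input containing a script tag, used to show the difference.
const SAMPLE_INPUT = "<script>doSomething()</script>";

// Constructed sample of comments as they might come back from a database.
const SAMPLE_COMMENTS = [
  { author: "alice", body: "Nice post" },
  { author: "mallory", body: SAMPLE_INPUT },
];

console.log("unsafe:", renderLoginErrorUnsafe(SAMPLE_INPUT));
console.log("safe:  ", renderLoginErrorSafe(SAMPLE_INPUT));
console.log("stored:", renderCommentsSafe(SAMPLE_COMMENTS));
```

Running the block prints the unsafe rendering with the `<script>` tag intact and the safe rendering with it turned into `&lt;script&gt;...`, which the browser displays as literal text. The same `escapeHtml` helper serves the stored case because encoding belongs at the point of output, not at the point of storage; for the DOM case no encoding is needed at all when the value is assigned with `textContent`, since that property never parses markup.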