XSS (Cross-Site Scripting)

An XSS attack injects attacker-controlled script into a web application so that the victim's browser executes it in the context of the vulnerable site.

Detection:

Example JavaScript payloads for testing whether user input is reflected into the page as executable script (the second one targets filters that delete the word "script" once, since the remaining fragments rejoin into a working tag):

    <script>alert('XSS');</script>
    <sscriptcript>alert('XSS');</sscriptcript>

Reflected XSS:

User-supplied data from the request is echoed straight back in the response page without being stored.

  • Locations:

    • URL parameters.

    • URL file paths.

    • HTTP headers.

  • Impacts:

    • Reveal session tokens.

    • Disclose user information.

    • Remotely execute malicious code for other users.

Stored XSS:

Malicious scripts are stored on the server, affecting all users.

  • Locations:

    • Blog comments.

    • User profile information.

    • Listings on a website.

  • Impacts:

    • Unauthorized redirections.

    • Cookie theft.

    • Actions performed on behalf of users.

DOM-Based XSS:

The flaw is in client-side JavaScript that writes browser-controlled data into the page; the payload executes in the browser without a new page load or any request to the backend.

  • Locations:

    • Scripts that read browser-controlled data such as properties of window.location (hash, search, etc.) and write it into the DOM.

  • Impacts:

    • Redirecting users through crafted links.

    • Stealing sensitive data from the DOM.

  • Mitigation:

    • Avoid unsafe methods like eval.

    • Handle DOM manipulations safely: treat untrusted data as text, never as HTML.
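As an added example (not code from the original note), the following Node script shows why a filter that merely strips the word "script" is defeated by the second payload from the Detection section above, and contrasts it with the two mitigations this note points to: output encoding for reflected/stored XSS, and a text-only DOM sink for DOM-based XSS. The function names, the stub element object used in place of a real DOM node, and the sample comment are assumptions made for this example.

```javascript
// Added example (not from the original note): blocklist filtering versus output
// encoding, plus the text-only DOM sink for DOM-based XSS. Runs under Node
// without a browser; the "element" passed to the render functions is a stub object.

// Constructed sample inputs: the two payloads listed in the note's Detection section.
const PAYLOADS = [
  "<script>alert('XSS');</script>",
  "<sscriptcript>alert('XSS');</sscriptcript>",
];

// A naive blocklist that deletes the word "script". After the deletion, the
// outer halves of "sscriptcript" rejoin into "script", so the second payload
// survives exactly this kind of filter. Shown only to demonstrate why it fails.
function naiveStrip(input) {
  return input.replace(/script/gi, "");
}

// Output encoding for HTML text and attribute-value contexts. The browser
// renders the result as literal characters, so no markup in `input` is parsed.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Crude check used by the demo: does the string still contain a <script> tag?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Server-side rendering of a stored comment (e.g. a blog comment), with encoding
// applied at output time. The template is a hypothetical plain string.
function renderComment(author, body) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// DOM-based XSS: the source is browser-controlled data (location.hash,
// location.search) and the sink is an HTML-interpreting property such as
// innerHTML. Writing through textContent makes the browser treat the value as
// text, so nothing in it is parsed as markup.
function renderUntrustedText(element, value) {
  element.textContent = value; // text sink: safe for untrusted data
  return element;
}

// The unsafe counterpart, kept only for contrast with renderUntrustedText.
function renderUntrustedHtml(element, value) {
  element.innerHTML = value; // HTML sink: markup in `value` is parsed and may execute
  return element;
}

// Summarise how each payload fares against the filter and against encoding.
function demo() {
  return PAYLOADS.map((p) => ({
    payload: p,
    survivesNaiveFilter: hasScriptTag(naiveStrip(p)),
    survivesEncoding: hasScriptTag(escapeHtml(p)),
  }));
}

console.log(demo());
```

Running it shows the plain payload being removed by the naive filter while the nested one is rebuilt into a working tag, and both payloads reduced to inert text by encoding. The lesson for a reviewer is that a blocklist on the input side is the wrong control; encoding at the point of output, and choosing text sinks over HTML sinks in client-side code, is what closes all three variants described in this note.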

Blind XSS:

  • The attacker cannot directly see the effects of their payload.

  • Testing: Use payloads that call back to a server you control to confirm execution out of band (e.g., XSS Hunter Express).