XSS (Cross-Site Scripting)

An XSS attack makes an application execute unauthorized code.

Detection:

Payload examples to test for XSS vulnerabilities for javascript:

javascriptCopy code<script>alert('XSS');</script>
<sscriptcript>alert('XSS');</sscriptcript>

Reflected XSS:

User-supplied data is reflected in the webpage immediately.

• Locations:

  • URL parameters.

  • URL file paths.

  • HTTP headers.

• Impacts:

  • Reveal session tokens.

  • Disclose user information.

  • Remotely execute malicious code for other users.

Stored XSS:

Malicious scripts are stored on the server, affecting all users.

• Locations:

  • Blog comments.

  • User profile information.

  • Listings on a website.

• Impacts:

  • Unauthorized redirections.

  • Cookie theft.

  • Actions performed on behalf of users.

DOM-Based XSS:

JS code is executed directly in the browser without new page loads or backend requests.

• Locations:

  • Scripts using browser-controlled data like window.location.x.

• Impacts:

  • Redirecting users through crafted links.

  • Stealing sensitive data from the DOM.

• Mitigation:

  • Avoid unsafe methods like eval.

  • Ensure safe handling of DOM manipulations.

Blind XSS:

• The attacker cannot directly see the effects of their payload.

• Testing: Use payloads with callbacks to verify execution (e.g., XSS Hunter Express).