Week 6 - XSS Types
I have a little something to make your day better: a summary of the types of Cross-Site Scripting!

Reflected XSS: Occurs when an attacker can inject JavaScript code into the GET/POST parameters of an HTTP request, which the server then renders within the page’s source code. To use this maliciously, an attacker must trick a user into running the specific payload within the vulnerable parameter (Example: localhost/index.php?vulnerable="><script>alert(1)</script>).

Stored XSS: Occurs when an attacker’s JavaScript payload is stored within the server or database (Example: submitting a comment on an Amazon product). Then, when this payload is called by the server and placed on the page, it executes as JavaScript. This is the most severe form of XSS, since the payload will run every time the page is loaded, meaning an attacker will not have to trick a user into loading a specific request with the vulnerable parameter. The server takes care of it for us.

DOM-Based XSS: Occurs when an attacker’s JavaScript payload never reaches the server and is instead included within an application’s source code by existing JavaScript on the page. Usually, vulnerable JavaScript within a website will pull our payload from a GET parameter or hash (localhost/index.php#this-is-a-hash) and place it directly onto the Document Object Model, where it is then executed.

Self XSS: A user is tricked into copying and pasting the attacker’s payload into their browser’s developer console. This is commonly used by scammers and requires an unknowing user’s full compliance.
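The reflected case above, as an added example that is not part of the original page: the same template rendered with the `vulnerable` parameter copied in raw and then HTML-encoded, using the payload from the Reflected XSS example. The function names, the `<input>` template and the use of JavaScript as a stand-in for the server-side `index.php` are assumptions.

```javascript
// Added example, not code from the original page. renderVulnerable,
// renderEscaped, escapeHtml and the <input> template are hypothetical.

// Constructed request URL carrying the payload from the Reflected XSS example.
const SAMPLE_URL =
  'http://localhost/index.php?vulnerable=' +
  encodeURIComponent('"><script>alert(1)</script>');

// Read the "vulnerable" GET parameter, as the server would.
function getParam(url) {
  return new URL(url).searchParams.get('vulnerable') ?? '';
}

// Before: the parameter is concatenated into an attribute value unchanged.
// The leading "> closes the attribute and the tag, so the rest of the
// value is parsed as new markup instead of as data.
function renderVulnerable(url) {
  return '<input name="q" value="' + getParam(url) + '">';
}

// Encode the characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// After: same template, parameter HTML-encoded at the point of output.
// The value stays inside the attribute and is displayed as text.
function renderEscaped(url) {
  return '<input name="q" value="' + escapeHtml(getParam(url)) + '">';
}

// True if the markup contains a script start tag the browser would parse.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('raw    :', renderVulnerable(SAMPLE_URL));
console.log('encoded:', renderEscaped(SAMPLE_URL));
```

The encoding shown fits HTML text and quoted attribute values only; values placed inside a script block, a URL or an event-handler attribute need the encoding for that context.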