A Comprehensive Guide To Types Of Cross Site Scripting Attacks
Posted By : Reena Chungade | 27-Apr-2018
Cross-Site Scripting (XSS) refers to an attack in which the attacker injects a malicious script into a trusted website. Such attacks occur when malicious code is sent to a web application, usually as browser-side script, or when unencoded input from a user is reflected back into a page in a way that turns it into executable code.
Usually, XSS is used to deliver a harmful script to a user who least expects it. Users who receive such a script have no way to judge its authenticity: because the browser treats it as coming from a trusted source, the script can access cookies, session tokens and other sensitive information the browser holds for that site.
Different types of Cross-Site Scripting danger zones
Although there are many variants of this vulnerability, the major ones are: -
1. Stored
2. Reflected
3. DOM XSS
Stored: -
A stored XSS vulnerability occurs when user input is stored on the target server (the target is typically a database) and later retrieved by the web application and presented to a victim without being made safe for rendering in the browser. With the advent of HTML5 and other browser technologies, the attack payload can also be stored permanently in the victim's browser, for example in an HTML5 client-side database, without ever being sent to the server at all.
Reflected: -
A reflected XSS vulnerability occurs when data from the URL or from POST data is displayed on the page without being encoded. This means that, for the attacker's payload to run, the attacker has to deliver a prepared link or form to the victim, and the victim has to click the link or submit the form. Such payloads were often identified by the built-in browser XSS filters in Chrome, Internet Explorer or Edge; those filters have since been removed from current browsers and should not be relied on as a defence.
DOM: -
DOM-based XSS is a cross-site scripting vulnerability that appears in the DOM (Document Object Model) rather than in the HTML delivered by the server. In reflected and stored cross-site scripting one can see the payload in the response page, but in DOM-based cross-site scripting the HTML source code and the attack response are exactly the same, i.e. the payload cannot be found in the response at all; it is introduced on the client side by script that reads attacker-controlled data (such as the URL fragment) and writes it into the page.
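The following is an added example, not code from the original article, showing the mitigations that correspond to the three types above: context-aware output encoding for the stored and reflected cases (where the server builds HTML from user data), a URL-scheme check for values placed in `href`, and the choice of a safe DOM sink (`textContent` instead of `innerHTML`) for the DOM-based case. The `renderComment`, `safeHref` and `showName` functions, the fake element used so the block runs under Node, and the sample comment are all constructed for this illustration.

```javascript
'use strict';

// Encode the five characters that can change HTML structure or break out of
// a quoted attribute. Correct for text nodes and for quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stored / reflected case: the comment comes from the database (stored) or
// straight from the request (reflected) and is placed into server-built HTML.
// The vulnerable version concatenates raw data; the fixed version encodes it.
function renderCommentVulnerable(comment) {
  return `<p class="comment">${comment.author}: ${comment.body}</p>`;
}
function renderComment(comment) {
  return `<p class="comment">${escapeHtml(comment.author)}: ${escapeHtml(comment.body)}</p>`;
}

// Encoding alone is not enough for URLs: a javascript: URL survives escapeHtml
// untouched. Only http(s) and relative URLs are allowed into href here.
function safeHref(url) {
  // Browsers ignore tab, LF and CR inside a URL, so strip them before
  // inspecting the scheme, or "java\nscript:" would slip past the check.
  const s = String(url).replace(/[\t\n\r]/g, '').trim();
  const m = s.match(/^([a-z][a-z0-9+.-]*):/i);
  if (m && !/^https?$/i.test(m[1])) return '#'; // javascript:, data:, vbscript:, ...
  return escapeHtml(s);
}

// DOM-based case. This stand-in for a DOM element exists only so the example
// runs under Node, which has no DOM; it records which sink received the value.
// In a browser, innerHTML parses the string as markup (the XSS sink) while
// textContent inserts it as literal text.
function fakeElement() {
  return {
    sink: null,
    value: null,
    set innerHTML(v) { this.sink = 'innerHTML'; this.value = String(v); },
    set textContent(v) { this.sink = 'textContent'; this.value = String(v); },
  };
}

// hash plays the role of location.hash, e.g. "#Alice". The server never sees
// the fragment, so the payload is absent from the HTML it returns.
function showNameVulnerable(el, hash) {
  el.innerHTML = 'Hello ' + decodeURIComponent(hash.slice(1));
  return el;
}
function showName(el, hash) {
  el.textContent = 'Hello ' + decodeURIComponent(hash.slice(1));
  return el;
}

// Constructed sample input: a comment body carrying a script tag.
const sample = { author: 'mallory', body: '<script>alert(1)</script>' };
console.log('vulnerable:', renderCommentVulnerable(sample));
console.log('encoded:   ', renderComment(sample));
console.log('href:      ', safeHref('javascript:alert(1)'), safeHref('/profile?id=3'));
console.log('DOM sink:  ', showName(fakeElement(), '#%3Cb%3Ex%3C/b%3E').sink);

module.exports = { escapeHtml, renderComment, renderCommentVulnerable, safeHref, fakeElement, showName, showNameVulnerable };
```

The encoded output still shows the comment text to the reader, but the browser now treats `&lt;script&gt;` as characters rather than as a tag. The same data placed into an attribute or a URL needs the attribute-safe encoding or the scheme check respectively, which is why "escape on output, for the context you are writing into" is the rule rather than a single global filter on input.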
About Author
Reena Chungade
Reena is a key member of the development team. She supervises the team in developing and implementing quality-assurance and quality-control methodologies to ensure compliance with regulatory standards, federal regulations, and customer specifications.