What is Cross-Site Scripting (XSS)?
It is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.
Actors in an XSS attack
- The website serves HTML pages to users who request them. In our examples, it is located at http://website/
- The website’s database is a database that stores some of the user input included in the website’s pages.
- The victim is a normal user of the website who requests pages from it using his browser.
- The attacker is a malicious user of the website who intends to launch an attack on the victim by exploiting an XSS vulnerability in the website.
- The attacker’s server is a web server controlled by the attacker for the sole purpose of stealing the victim’s sensitive information. In our examples, it is located at http://attacker/
How does the attack work?
1) The attacker uses one of the website’s forms to insert a malicious string into the website’s database.
2) The victim requests a page from the website.
3) The website includes the malicious string from the database in the response and sends it to the victim.
4) The victim’s browser executes the malicious script inside the response, sending the victim’s cookies to the attacker’s server.
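Step 3 is where the vulnerability lives: the stored string is placed into the HTML response without encoding, so the browser treats it as markup rather than text. The following is an added illustration (not code from the original article) of the same rendering step written two ways: the unsafe concatenation the page describes, and a hardened version that HTML-escapes the untrusted value before it reaches the response. The stored comment, the `render_comment_*` function names and the `session_cookie_header` helper are constructed for this example; the marker string is a harmless placeholder standing in for the page’s "malicious string".

```python
import html
import re

# Constructed sample of the "malicious string" from step 1: a comment the
# attacker submitted through one of the website's forms and that now sits in
# the website's database. It is an inert marker, not a working payload.
STORED_COMMENT = '<script>console.log("constructed marker")</script> great site!'


def render_comment_unsafe(comment: str) -> str:
    """Step 3 as the article describes it: the value read from the database is
    concatenated straight into the HTML body, so '<script>' survives intact
    and the victim's browser executes it (step 4)."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Hardened form: encode the untrusted value for the HTML element-body
    context before interpolating it. html.escape turns & < > into entities;
    quote=True also encodes " and ' so the same helper is safe inside quoted
    attribute values. The browser now shows the text instead of running it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(rendered_html: str) -> bool:
    """Crude check used only to demonstrate the difference between the two
    renderers: does a literal <script> tag survive into the response?
    (Output encoding, not a tag filter, is the actual mitigation.)"""
    return SCRIPT_TAG.search(rendered_html) is not None


def session_cookie_header(session_id: str) -> str:
    """Defence in depth for step 4. A cookie flagged HttpOnly is not exposed
    to document.cookie, so a script that does run cannot read the session
    token; Secure keeps it off plaintext HTTP. (Hypothetical helper.)"""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    print("unsafe :", render_comment_unsafe(STORED_COMMENT))
    print("safe   :", render_comment_safe(STORED_COMMENT))
    print(session_cookie_header("constructed-session-id"))
```

Escaping must match the output context: `html.escape` is correct for element bodies and quoted attributes, but a value dropped into a `<script>` block, a URL, or a CSS property needs the encoder for that context, which is why template engines with context-aware auto-escaping are preferred over hand-written concatenation.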
- Account Hijacking
- Stealing Credentials
- Exfiltrate Sensitive Data
XSS is a versatile attack vector that opens the door to a large number of social-engineering and client-side attacks. As shown, it can be used to steal sensitive information, such as session tokens, user credentials or commercially valuable data, as well as to perform sensitive operations on the victim’s behalf.
Sources: wikipedia, OWASP, google.