Introduction to XSS

Now let's learn more about XSS. This type of vulnerability allows an attacker to inject JavaScript into a page. JavaScript is a programming language, and using this vulnerability, an attacker would be able to execute code written in JavaScript into a certain page, such as a website. JavaScript is a client-side language, so when the code is executed, it will be executed on the client, on the user, the person who is browsing the web page. It's not going to be executed on the server, so even if our code results in us getting a reverse shell, the shell will be coming from the user who is browsing the page, not from the website. So any code we write in JavaScript will be exploited or will run on the target user—on the people who see the web pages—and not on the web server. So, the web server is only going to be used as a means of executing or delivering the code.

There are three main types of XSS vulnerabilities:

  • Persistent or stored: Stored XSS gets stored in the database. The code that we inject will be stored in the database or the page so that every time any person views that page, our code will be executed.
  • Reflected: With reflected XSS, the code will only be executed when the target user runs a specific URL that is crafted or written by us. So we will be manipulating some sort of URL and sending it to a target, and when the target runs that URL, the code will be executed.
  • DOM-based: DOM-based XSS results from JavaScript code that is written on the client, so the code will actually be interpreted and run on the client side without having any communication with the web server. This could be very dangerous because sometimes web servers apply security and filtration measures to check for XSS, but with DOM-based XSS, the code never gets sent to the web server. This means that the code would be interpreted and run on the web browser without even interacting with the web server, and will be present in websites that update their content without refreshing. We've all used websites where we enter our username, for example, and it loads straight away without having to check with the web server, or perhaps we enter some sort of a string and it performs a search without communicating with the web server; whatever the process, some websites perform functions without communicating with their web server. If we are able to inject into these kinds of website, then such injections will not be validated, and they will be executed straight away and bypass all validations.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.16.15.149