Welcome back XSSers. Today we will talk about Persistent, Reflected and DOM-based XSS attacks. Without wasting any time, let's get straight to today's topic.
Types Of Cross Site Scripting (XSS) attacks
XSS attacks can be categorized on the basis of how the malicious script reaches the victim and where it gets executed, as follows:
- Reflected XSS: the malicious script is carried in the request (typically a crafted link), reflected back by a vulnerable webpage and executed in the client's browser
- Stored XSS: the malicious script is stored by the server (for example in its database) because of a vulnerability in a webpage and executed in the browser of every client that visits the infected page
- DOM-based XSS: the malicious script is executed by the client because the page's own JavaScript writes attacker-controlled input into the DOM
If you didn't understand a word, don't worry, keep reading.
Reflected XSS
Most XSS vulnerabilities are exploited by a reflected XSS attack. It's very simple: you enter a malicious script in an input form which is vulnerable to XSS and the script gets executed. If you want to attack a user, you can simply send him a link with your malicious script.
For example, I exploited a website’s search form and the webpage which executed my malicious script has the following URL:
Now if I send this link to someone and he opens it, my malicious script will be executed in his browser. This kind of XSS, i.e. Reflected XSS, is temporary, as it is executed only when you visit the malicious URL.
Stored XSS
This type of XSS occurs when a hacker injects a malicious script and it gets stored in the database of the website, so it gets executed every time a user visits the infected page. Yes. I said it gets stored.
This input form is vulnerable to XSS in which I have entered my malicious script.
Now my comment, i.e. the malicious script, will get stored in the database of the website, and everyone visiting the page that I have commented on will get a pop-up like this:
A hacker can easily insert a cookie stealing script, a redirection script, a phishing page and what not?
DOM-based XSS
Take a look at this code:
    var pos = document.URL.indexOf("input=") + 6;                  // finds the position of the value
    var userInput = document.URL.substring(pos, document.URL.length); // copies the value into the userInput variable
    document.write(unescape(userInput));                           // writes the content to the webpage
This code is vulnerable to DOM-based XSS as it renders the webpage according to the input submitted by the user. So a hacker might send a link like example.com/index/doc.php?m=Click <a href="phishing_site.com">here</a>.
Which will render the page like this:
So I can send this to anyone, and it is their browser, not the server, that renders the injected content on this page.
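The vulnerable snippet above next to a hardened version, as an added example that is not part of the original post. The sample URL is constructed and uses the "input" parameter the snippet parses; the element passed to renderSafe is a stand-in for a real DOM node so the logic also runs in Node.

```javascript
// Added example: the DOM XSS sink from this post beside a hardened version.
// Both read the page URL from a string; in a real page you would pass
// document.URL and a real element instead of the constructed values below.

// Vulnerable: same parsing as the post. Returns the markup that
// document.write() would hand to the HTML parser untouched.
function renderUnsafe(url) {
  const pos = url.indexOf("input=") + 6;   // position just after "input="
  const userInput = url.substring(pos);    // everything to the end of the URL
  return unescape(userInput);              // attacker's <a ...> survives intact
}

// Hardened: parse the query properly and write through a TEXT sink.
// textContent never invokes the HTML parser, so "<a href=...>" is shown
// literally on the page instead of becoming a clickable link.
function renderSafe(url, outputElement) {
  const value = new URL(url).searchParams.get("input") || "";
  outputElement.textContent = value;
  return outputElement.textContent;
}

// Fallback when the value really must go through an HTML sink (innerHTML):
// encode the five HTML metacharacters so data can never become tags.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed URL carrying the kind of payload the post describes.
const SAMPLE_URL =
  "https://example.com/index/doc.php?input=Click%20%3Ca%20href%3D%22phishing_site.com%22%3Ehere%3C%2Fa%3E";

if (typeof document === "undefined") {
  // Running under Node: a plain object stands in for the DOM element.
  console.log("unsafe sink gets:", renderUnsafe(SAMPLE_URL));
  console.log("text sink gets:  ", renderSafe(SAMPLE_URL, { textContent: "" }));
  console.log("escaped for HTML:", escapeHtml(renderUnsafe(SAMPLE_URL)));
}
```

The text sink receives the same string as the unsafe one, but as a text node the browser displays it verbatim; only the innerHTML/document.write path turns it into a link.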
Well, these are the three basic types of XSS attacks. Actually there is one more which often gets excluded when someone talks about XSS, i.e. Self XSS.
Self XSS
A hacker may ask you to open up the developer console (opens with Ctrl+Shift+I in Firefox) and ask you to enter a script there:
No! You are not hacking anyone's email account by pasting some script in here. You got tricked by the hacker! This is an example of self XSS, where the user attacks himself. *Suicide LOL*
That’s all folks!
We will keep discovering the vast world of XSS in upcoming articles.
Till then keep hacking keep XSSing!