What is a cross-site scripting vulnerability? (Intro to bug bounty hunting)

 Hi guys, welcome to the Mr.Ethical Yt blog. Today we are going to learn about the cross-site scripting vulnerability and its impact. Cross-site scripting is also called XSS. This vulnerability allows an attacker to compromise the interactions that users have with the vulnerable web application. Sometimes the attacker might get full control over the application's data and its functionality. It is common and is identified in most web applications. It is mostly caused by improper sanitization and validation of user input.



Types of XSS

There are three main types of XSS:

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS
  1. Reflected XSS is also considered a non-persistent attack. It occurs when a malicious script (JavaScript code) is reflected into the website's results or response. When the user opens a URL constructed by an attacker, the attacker can execute the malicious script in the user's browser, where it can retrieve the user's data.
  2. Stored XSS is considered a persistent attack, also called second-order XSS. It can cause more damage than reflected XSS and DOM-based XSS. It occurs when an attacker injects a malicious script directly into the vulnerable web application. When a user opens the affected web application in their browser, the XSS payload that the attacker injected is served to the user's browser as part of the HTML code. This means the user ends up executing the malicious script as soon as the web page is viewed in their browser.
  3. In DOM-based XSS, DOM stands for Document Object Model. DOM-based XSS arises when an application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.
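
Here is an added example (not part of the original post) showing the reflected and stored cases side by side with the fix: the same page rendered once by concatenating input as-is and once with output encoding, plus a small check you can reuse as a regression test. All function names and the sample inputs are made up for illustration.

```javascript
// Constructed sample input: textbook XSS test strings, not real traffic.
const sampleSearch = '<script>alert(1)</script>'; // reflected case (URL parameter)
const sampleComments = [                          // stored case (saved comments)
  { author: 'alice', text: 'Nice post!' },
  { author: 'bob" onmouseover="alert(1)', text: '<img src=x onerror=alert(1)>' },
];

// Encode the characters that let data break out of HTML text or attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: untrusted values are concatenated into the response as-is.
function renderVulnerable(search, comments) {
  const items = comments.map((c) => `<li title="${c.author}">${c.text}</li>`).join('');
  return `<p>Results for: ${search}</p><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderSafe(search, comments) {
  const items = comments
    .map((c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.text)}</li>`)
    .join('');
  return `<p>Results for: ${escapeHtml(search)}</p><ul>${items}</ul>`;
}

// Collect every untrusted value that ends up in the page.
function allInputs(search, comments) {
  return [search, ...comments.flatMap((c) => [c.author, c.text])];
}

// Regression check: which inputs containing HTML metacharacters
// appear verbatim (unencoded) in the rendered page?
function findUnencoded(html, inputs) {
  return inputs.filter((v) => /[&<>"']/.test(v) && html.includes(v));
}

const inputs = allInputs(sampleSearch, sampleComments);
const bad = findUnencoded(renderVulnerable(sampleSearch, sampleComments), inputs);
const good = findUnencoded(renderSafe(sampleSearch, sampleComments), inputs);
console.log('unencoded inputs (vulnerable):', bad.length);
console.log('unencoded inputs (hardened):', good.length);
```

This encoding covers HTML text and quoted attribute values only; values placed inside a script block, a URL, or CSS need encoding for that context instead.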
