Cross-site scripting (XSS) is a common vulnerability in which an attacker injects malicious JavaScript into a website, which then runs in the browsers of the website’s visitors. By doing so, the attacker may gain access to users’ cookies and other sensitive user information, as well as view and/or manipulate the content that is shown to the user.
Reflected XSS
Reflected XSS means that the payload is reflected, i.e. the server reads it from the request and includes it as part of the response as well.
An attack like this requires getting the user to click on a link that includes the payload. There are several ways to achieve this; sending the link as an email or buying advertisements on a website that you know the victim is going to visit are two potential ways.
Stored/Persistent XSS
Persistent or stored XSS means that the payload is saved on the actual page, rather than sent in a request that is then reflected.
As the malicious JavaScript is saved on the page, this attack does not necessarily require you to send the victim any specific link. It depends on where on the page it is saved. If the XSS is in the latest searches, you can just wait until the victim uses the search function by themselves. However, if it is stored in a specific forum thread, you might need to send the victim a link to that post.
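For both reflected and stored XSS the defence is the same: escape user-controlled values at the point where they are written into HTML, whether they came from the current request or from storage. The following is an added example, not code from the original post; the search page, the "latest searches" list and the sample input are constructed for illustration.

```javascript
// Added example (not from the original post): HTML-escaping user-controlled
// values before they are placed in a response, which is the core defence
// against both reflected and stored XSS.

// The five characters that can change HTML text or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case: the query comes straight from the request.
// Vulnerable: the raw value is concatenated into the HTML.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the value is escaped as it enters HTML text context.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored case: the "latest searches" list is read from storage, so an
// injected value would reach every visitor, not only someone who clicked a
// link. Escaping is applied on output regardless of where the data came from.
function renderLatestSearches(searches) {
  const items = searches.map((s) => `<li>${escapeHtml(s)}</li>`).join('');
  return `<ul>${items}</ul>`;
}

// Constructed sample input: the classic marker string used to test for XSS.
const SAMPLE_QUERY = '<script>alert(1)</script>';

console.log(renderSearchUnsafe(SAMPLE_QUERY)); // markup survives intact
console.log(renderSearchSafe(SAMPLE_QUERY));   // markup is rendered as text
console.log(renderLatestSearches([SAMPLE_QUERY, 'a&b']));
```

Note that this escaping is correct only for HTML text and double-quoted attribute values; a value placed inside a script block, a URL or a CSS property needs the encoding for that context instead.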
DOM XSS
When you visit a website, the server generates some HTML and JavaScript which it sends back to your browser. Your browser will then interpret all this and you will see the result on your screen. JavaScript can modify what you see and this is also called modifying the DOM (Document Object Model).
DOM XSS is the catch-all term for when the attacker’s JavaScript is not interpreted directly as a result of the source you get from the server, but rather ends up being interpreted after existing JavaScript on the page has modified the DOM to include it.
DOM XSS could be much more complex than this. The JavaScript does not have to read the value from the URL; there are lots of other potential sources. Two examples would be postMessage, or the JavaScript sending an XHR request to another API.
If a DOM XSS reads the value from the URL, then, similarly to reflected XSS, exploiting it requires you to share a specific link with the victim. However, if it is caused by an API request that fetches the latest search terms, the impact would be similar to that of persistent XSS.
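The two DOM XSS sources just mentioned, a postMessage from another window and data fetched from an API, are handled defensively below. This is an added example, not code from the original post; the allowed origin, the element and event objects, and the search terms are stand-ins constructed here so that the code runs outside a browser.

```javascript
// Added example (not from the original post): defensive handling of two DOM
// XSS sources, postMessage and API-returned data. The fix in both cases is to
// keep untrusted strings out of HTML-parsing sinks such as innerHTML.

// Only accept messages from origins this page expects to talk to (assumed value).
const ALLOWED_ORIGINS = new Set(['https://app.example']);

// Vulnerable pattern: any sender's data is written into an HTML-parsing sink.
function applyMessageUnsafe(event, element) {
  element.innerHTML = event.data;          // DOM XSS sink, no origin check
  return true;
}

// Hardened pattern: validate the origin and the shape, then use a text-only sink.
function applyMessageSafe(event, element) {
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return false;                          // drop messages from unknown origins
  }
  if (typeof event.data !== 'string') {
    return false;                          // only accept the shape we expect
  }
  element.textContent = event.data;        // textContent never parses HTML
  return true;
}

// API-fed case: the data arrives over XHR/fetch, so there is no origin to
// check on the message itself; the protection is still the sink. A list of
// "latest searches" returned by an API is built with DOM methods rather than
// string concatenation. In a browser pass (t) => document.createElement(t).
function renderSearchList(searches, listElement, createElement = fakeElement) {
  for (const term of searches) {
    const li = createElement('li');
    li.textContent = term;                 // becomes a text node, not markup
    listElement.appendChild(li);
  }
  return listElement.children.length;
}

// Minimal stand-in for a DOM element (constructed for this example).
function fakeElement(tag) {
  const el = { tag, innerHTML: '', textContent: '', children: [] };
  el.appendChild = (child) => { el.children.push(child); return child; };
  return el;
}

// Stand-alone demonstration with constructed events.
const target = fakeElement('div');
applyMessageSafe({ origin: 'https://attacker.example', data: '<b>hi</b>' }, target);
console.log('after unknown origin:', JSON.stringify(target.textContent)); // ""
applyMessageSafe({ origin: 'https://app.example', data: '<b>hi</b>' }, target);
console.log('after allowed origin:', JSON.stringify(target.textContent)); // "<b>hi</b>"
```

Checking `event.origin` against an allowlist is what makes the postMessage source trustworthy; choosing `textContent` over `innerHTML` is what makes the sink safe even when the data is not.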