What?
A successful XSS attack becomes possible when the application's code has flaws in how it handles input. The attacker injects malicious scripts into a website; when an end user opens the affected page, the browser loads the page together with the injected code and runs it, because it thinks the script came from a trusted source.
This gives the attacker control over the user's interactions with that website. Cookies can be stolen and used to impersonate the user.
How?
It is done by manipulating the code of the vulnerable website, which is possible when the website uses unsanitized user input. XSS attacks are most commonly written in JavaScript, as it is fundamental to the majority of browsers, but XSS is also possible with VBScript, ActiveX, Flash, and even CSS.
Types
There are mainly 3 types of XSS:
- Stored XSS: This occurs when the malicious code is stored on the server or in the database, for example through a comments section. When a user opens that particular page, the stored code gets executed in the user's browser, compromising the user's control over the page.
- Reflected XSS: This is the simplest form of XSS. It occurs when the attacker constructs a script that is sent with the URL or the HTTP request and reflected back in the response. Generally attackers direct users to that crafted request from a different website, through which the malicious script is executed.
- DOM-based XSS: This takes place completely on the client (user) side, in the browser's Document Object Model (DOM). The payload is injected directly into the page through client-side sinks such as the window object or innerHTML.
Prevention
- If possible, restrict users from entering HTML as input.
- Improve cookie security.
- Sanitize data, removing unsafe characters before storing it on the server.
- Use a security encoding library to encode data when it is written into the page.
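The encoding defence from the Prevention list and the innerHTML sink from the DOM-based item, shown together as an added example that is not code from the original page: the comment string and the node object are constructed stand-ins, and escapeHtml is a minimal encoder standing in for a proper security encoding library.

```javascript
// Added example: output encoding as an XSS defence.
// renderUnsafe() builds markup the way a vulnerable page does (untrusted text
// concatenated straight into HTML); renderSafe() HTML-encodes the value first,
// so the browser parses it as text rather than markup. Both return the string
// that a page would assign to innerHTML, so no real DOM is needed to run this.

// Characters that can change HTML structure or break out of an attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode untrusted text for insertion into element content or a quoted attribute.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (stored/reflected XSS): untrusted data dropped into markup.
function renderUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened pattern: encode at the point where data is written into HTML.
function renderSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// DOM-based case: assigning to textContent instead of innerHTML never parses
// the value as HTML. `node` is any object with a textContent property
// (a real Element in the browser, a plain object here).
function setUntrustedText(node, value) {
  node.textContent = String(value);
  return node;
}

// Crude detection check: does anything inside our wrapper still look like a tag?
function containsInjectedTag(html) {
  const inner = html.slice('<div class="comment">'.length, -"</div>".length);
  return /<[a-zA-Z!/]/.test(inner);
}

// Constructed sample input (not a real payload): a comment that tries to close
// the wrapper and open a script element.
const SAMPLE_COMMENT = "Nice post</div><script>/* constructed */</script>";
```

Running renderUnsafe(SAMPLE_COMMENT) yields markup with a live script element, while renderSafe(SAMPLE_COMMENT) yields only text, which is the difference the Prevention list is describing.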