2. What damage can XSS cause?
An attacker can execute scripts in a victim's browser to hijack user sessions, deface websites, insert hostile content, redirect users, hijack the user's browser using malware, etc.
3. What kind of applications are vulnerable to XSS attacks?
Any application that takes untrusted user data and sends it to a web browser.
WASC reported that 58% of applications are vulnerable to XSS.
5. Terminology
Active content – Malicious data embedded in user input which should always be text.
Malicious data – Attacker-embedded JavaScript in user input.
Injected code – same as malicious data.
Payload – same as malicious data.
Script – JavaScript.
User input – User-supplied data like a recipient email address.
Untrusted data – same as user data.
6. Reflected XSS
Reflected XSS attacks, also known as non-persistent
attacks, occur when a malicious script is reflected off of a
web application to the victim's browser. The script is
activated through a link, which sends a request to a
website with a vulnerability that enables execution of
malicious scripts.
8. Impact of Reflected XSS attacks
If an attacker can control a script that is executed in the victim's browser,
then they can typically fully compromise that user. Amongst other things,
the attacker can:
• Perform any action within the application that the user can perform.
• View any information that the user is able to view.
• Modify any information that the user is able to modify.
• Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
9. Stored XSS
• Stored attacks are those where the injected script is permanently
stored on the target servers, such as in a database, in a message
forum, visitor log, comment field, etc. The victim then retrieves the
malicious script from the server when it requests the stored
information. Stored XSS is also sometimes referred to as Persistent
XSS.
11. Impact of stored XSS attacks
If an attacker can control a script that is executed in the victim's
browser, then they can typically fully compromise that user. The
attacker can carry out any of the actions that are applicable to the
impact of reflected XSS vulnerabilities.
In terms of exploitability, the key difference between reflected and
stored XSS is that a stored XSS vulnerability enables attacks that are
self-contained within the application itself. The attacker does not need
to find an external way of inducing other users to make a particular
request containing their exploit. Rather, the attacker places their
exploit into the application itself and simply waits for users to
encounter it.
12. DOM Based XSS
• DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an
XSS attack wherein the attack payload is executed as a result of
modifying the DOM “environment” in the victim's browser used by
the original client side script, so that the client side code runs in an
“unexpected” manner.
14. Impact of DOM attacks
• DOM XSS can have huge implications for a web application and its
users. User accounts can be hijacked, credentials could be stolen,
sensitive data could be exfiltrated, and lastly, access to your client
computers can be obtained.
15. How to Prevent Stored and Reflected XSS?
1. Validate input – be very strict
2. Validate output – use untrusted data for display only
3. Eliminate dangerous insertion points
16. How to Prevent DOM Based XSS?
1. Validate input
2. Avoid using untrusted data in sensitive client side actions
3. Analyze and harden client side JavaScript code
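The prevention steps on slides 15 and 16, worked through as an added example that is not part of the original deck: it assumes a form that takes the recipient email address mentioned in the terminology slide plus a free-text subject line, and uses a minimal stand-in object for a DOM element so the client-side step also runs outside a browser.

```javascript
// Added example, not from the original slides: the prevention steps applied
// to the slides' own scenario of a form that takes a recipient email address
// (and, assumed here, a free-text subject line).

// Step 1, validate input strictly: the recipient must match an allowlist
// pattern, otherwise it is rejected outright rather than "cleaned up".
const EMAIL_RE = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
function validateRecipient(input) {
  if (typeof input !== "string" || input.length > 254) return null;
  return EMAIL_RE.test(input) ? input : null;
}

// Step 2, use untrusted data for display only: the subject is free text, so
// it cannot be allowlisted; instead every character with meaning in HTML is
// encoded before the value is written into the response body.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Server-side confirmation page: this is the reflected-XSS insertion point,
// so the recipient is validated and the subject is encoded on the way out.
function renderConfirmation(recipient, subject) {
  const valid = validateRecipient(recipient);
  if (valid === null) return "<p>Invalid recipient address.</p>"; // never echoed
  return `<p>Sent "${escapeHtml(subject)}" to ${escapeHtml(valid)}</p>`;
}

// Step 3 / DOM-based XSS, avoid untrusted data in sensitive client-side
// actions: write the value through textContent, which the browser treats as
// text, never through innerHTML, which parses it as markup.
function showSubject(element, subject) {
  element.textContent = subject;
  return element.textContent;
}

// Constructed sample input for a stand-alone run; the subject is the classic
// harmless probe string, used only to show that it is rendered inert.
const probe = "<script>alert(1)</script>";
console.log(renderConfirmation("alice@example.com", probe));
console.log(renderConfirmation('bob"onmouseover="x@example.com', probe));

// Minimal stand-in for a DOM element so the client-side step runs under Node.
const fakeElement = { textContent: "" };
console.log(showSubject(fakeElement, probe));
```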