Web Attacks
Vulnerabilities
XSS
Cross-Site Scripting (XSS)
XSS lets an attacker inject JavaScript into web pages.
The data enters the web application through an untrusted source, most frequently a web request.
The data is included in dynamic content that is sent to a web user without being validated for malicious code.
The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash or any other type of code that the browser may execute.
There are 3 types of XSS: Stored, Reflected and DOM.
DOM XSS
In DOM-based XSS, the malicious JavaScript is executed after the page has loaded, as a result of the page's legitimate JavaScript treating user input in an unsafe way. (This happens locally in the browser and doesn't relate to the server at all.)
Stored XSS
A stored XSS attack is the most powerful XSS because it is stored on the web server: everyone who visits the page where the XSS is stored is vulnerable.
A blog is one example of stored XSS injection.
Reflected XSS
In a reflected XSS attack, the malicious string is part of the victim's request to the website. The website includes the malicious string in the response sent back to the user.
A search engine is one example of reflected XSS injection.
DOM XSS - Example
Example:
Edit the script and add the following.
<b onmouseover="alert('DOM XSS')">XSS link</b>
When you move your mouse over the text “XSS link”, the XSS will be activated.
Reflected XSS - Example
Example:
The method is GET, which means we can see the variables in the URL.
For example, in the URL below we have 2 variables (firstname, lastname).
http://example.com/bWAPP/xss_get.php?firstname=hackeru&lastname=hackeru&form=submit
We need to inject the script in one of the variables to execute the attack.
"><script>alert('Reflected XSS')</script>
http://example.com/bWAPP/xss_get.php?firstname="><script>alert('Reflected+XSS')</script>&lastname=1&form=submit
Stored XSS - Example
Example:
A blog is one of the best examples of stored XSS because everything is stored on the server.
To execute this attack, all you need to do is submit the following script to the web server.
<script>alert('Stored XSS')</script>
XSS Prevention
Protection
To prevent XSS, use the htmlentities function on the output variables.
htmlentities encodes the special characters.
htmlentities prevents the XSS from running by encoding the special characters: for example, < and > are replaced with &lt; (less than) and &gt; (greater than). Without those special characters, the browser can't parse the content as JavaScript.
htmlentities encoding example:
<?php
$str = "<b>bold</b>";
// Outputs: &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str);
?>
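The encoding step above applied to the payloads from the earlier slides, shown as an unencoded page beside its encoded form. This is an added example, not code from the slides or from bWAPP; esc(), param(), render_vulnerable() and render_hardened() are hypothetical names, and ENT_QUOTES with UTF-8 is an assumption chosen so that quotes inside attribute values are encoded as well.

```php
<?php
// Added example (not from the slides). esc(), param() and the render_*
// functions are hypothetical names; the sample inputs are constructed.
declare(strict_types=1);

// Encode a value for HTML text and quoted-attribute contexts.
// ENT_QUOTES also encodes ' and ", which matters inside attribute values.
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function esc(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Query parameters can arrive as arrays (firstname[]=x); accept strings only.
function param(array $query, string $key): string
{
    $value = $query[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Before: the request value is concatenated into the response unencoded.
function render_vulnerable(array $query): string
{
    $first = param($query, 'firstname');
    return '<input name="firstname" value="' . $first . '"><p>Welcome ' . $first . '</p>';
}

// After: the same page with every output variable passed through esc().
function render_hardened(array $query): string
{
    $first = esc(param($query, 'firstname'));
    return '<input name="firstname" value="' . $first . '"><p>Welcome ' . $first . '</p>';
}

// Constructed inputs: the three payloads shown on the slides.
$samples = [
    'reflected' => '"><script>alert(\'Reflected XSS\')</script>',
    'stored'    => '<script>alert(\'Stored XSS\')</script>',
    'handler'   => '<b onmouseover="alert(\'DOM XSS\')">XSS link</b>',
];

foreach ($samples as $name => $payload) {
    $query = ['firstname' => $payload];
    echo "[$name]\n";
    echo 'before: ', render_vulnerable($query), "\n";
    echo 'after:  ', render_hardened($query), "\n\n";
}
```

Server-side output encoding like this covers the reflected and stored cases. DOM XSS, which the slides describe as happening locally in the browser, has to be fixed in the page's own JavaScript.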
