Cross-site Scripting (XSS)

Description

During the scan, Kayran managed to find an XSS vulnerability,

Cross-site Scripting (XSS) is a security vulnerability in web applications that is caused by not validating inputs from the user, which could allow an attacker to inject malicious JavaScript code. If the website lacks proper data sanitization, attackers often preform XSS attacks by sending malicious links to the user and enticing the user to click it.

Cross-site scripting vulnerabilities usually allow an attacker to impersonate as a victim user. The malicious link executes the attacker’s chosen code on the user’s system which could allow the attacker to steal the user’s active session cookie.

XSS have 3 different situations but all of them require 1 important condition which is reflection.
Self XSS –
The first and the less unharmful XSS attack is by explointing an XSS only in the side of the attacker without the abillty of infecting others.
this situation does need to be fixed but cannot cause any damage by herself alone.

Reflected XSS –
As mentioned earlier, the very import condition of XSS to exist is the reflection on the page. So, reflected XSS take advantage from that idea.
for example: if url of search page in a site will be – https://example.com/search?s=some+query and an attacker will found that the parameter query does have a reflection in the site, an attacker might found place of reflection without validation and preform the XSS right there, with that being done he will be able to infect other users and computer by just sending them the link with the malicious code.


Stored XSS –
Stored XSS is the most harmful situations of all three. An attacker will preform it in place like comment section or post publishing.
it will infect other users by seeing the post or the comment with the JavaScript code injected by the attacker.

Recommendation

Sanitizing user input

Input sanitization is a measure of checking, cleaning, and filtering data inputs from any unwanted characters and strings to prevent the injection of harmful codes into the system. From the user’s browser, data input travels through GET request, POST request, and cookies, hackers can manipulate the data that is being sent. 

This can be done in three ways:

  • Whitelist sanitizing
    Allows only valid characters and code strings.
  • Blacklist sanitizing
     Cleaning the input by removing any unnecessary characters.
  • Escape sanitizing
     Refuse invalid data requests in order not to be seen as codes.

References

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

< Return to all Vulnerabilities

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »