During the scan, Kayran managed to find an XSS vulnerability,
Cross-site scripting vulnerabilities usually allow an attacker to impersonate as a victim user. The malicious link executes the attacker’s chosen code on the user’s system which could allow the attacker to steal the user’s active session cookie.
XSS have 3 different situations but all of them require 1 important condition which is reflection.
Self XSS –
The first and the less unharmful XSS attack is by explointing an XSS only in the side of the attacker without the abillty of infecting others.
this situation does need to be fixed but cannot cause any damage by herself alone.
Reflected XSS –
As mentioned earlier, the very import condition of XSS to exist is the reflection on the page. So, reflected XSS take advantage from that idea.
for example: if url of search page in a site will be – https://example.com/search?s=some+query and an attacker will found that the parameter query does have a reflection in the site, an attacker might found place of reflection without validation and preform the XSS right there, with that being done he will be able to infect other users and computer by just sending them the link with the malicious code.
Stored XSS –
Stored XSS is the most harmful situations of all three. An attacker will preform it in place like comment section or post publishing.
Average Score – 9.0 High
Sanitizing user input
Input sanitization is a measure of checking, cleaning, and filtering data inputs from any unwanted characters and strings to prevent the injection of harmful codes into the system. From the user’s browser, data input travels through GET request, POST request, and cookies, hackers can manipulate the data that is being sent.
This can be done in three ways:
- Whitelist sanitizing
Allows only valid characters and code strings.
- Blacklist sanitizing
Cleaning the input by removing any unnecessary characters.
- Escape sanitizing
Refuse invalid data requests in order not to be seen as codes.