Cross-site Scripting (XSS)

Description

Cross-site scripting (XSS) is a security vulnerability in web applications that arises when user-controlled input is written into a page without validation or proper output encoding, which allows an attacker to inject JavaScript that runs in other users' browsers.

Attackers often initiate an XSS attack by sending a victim a malicious link and enticing them to click it. If the website does not sanitize or encode the data it reflects back, the payload carried in that link executes in the victim's browser.

Business Impact

Cross-site scripting vulnerabilities usually allow an attacker to impersonate the victim user.

The injected code runs in the victim's browser within the vulnerable site's origin, not on the user's operating system. From there it can read the user's active session cookie (unless the cookie is marked HttpOnly) or issue requests with the victim's privileges, which lets the attacker hijack the session and act as that user.

Recommendation

Sanitizing user input

Input sanitization is the practice of checking, cleaning and filtering data received from the user so that unwanted characters and strings cannot be injected into the application as code. Validating input is one layer; the defence that actually stops XSS is encoding the data at the moment it is written into the page, as the OWASP cheat sheet in the Reference section describes.

Data from the user's browser reaches the application through GET parameters, POST bodies and cookies, and an attacker can manipulate any of them, so none of these channels can be trusted.

This can be done in three ways:

  • Whitelist sanitizing: allow only the characters and strings that are valid for the field, and reject everything else.
  • Blacklist sanitizing: clean the input by removing unwelcome characters or strings. This is the weakest option, because the list of bad strings is never complete.
  • Escape sanitizing: encode the characters that HTML treats as markup so the browser displays them as data instead of interpreting them as code.

For example, when writing data into the HTML body:

  • & converts to: &amp;
  • < converts to: &lt;
  • > converts to: &gt;
  • " converts to: &quot;
  • ' converts to: &#x27;

The same data written into a JavaScript string, a URL or a CSS value needs the encoder for that context; HTML entity encoding alone is not enough there.
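The following is an added example, not code from the original article: the three strategies listed above (whitelist validation, blacklist stripping and escaping) applied to the same attacker-controlled strings, so the difference between them shows up on actual output. Every payload is constructed test data, and the function names (allowlistUsername, denylistStrip, escapeHtml, compareStrategies) are this example's own.

```javascript
// Added example, not code from the original article. All inputs below are
// constructed test data; function names are the example's own.

// 1. Whitelist (allowlist) validation: accept only what the field needs.
//    A username may contain letters, digits and underscores; anything else
//    is rejected outright instead of being "cleaned".
function allowlistUsername(input) {
  return /^[A-Za-z0-9_]{1,32}$/.test(input) ? input : null;
}

// 2. Blacklist (denylist) stripping: delete "known bad" substrings.
//    Included because the article lists it; the payloads below show why it
//    is not a reliable defence on its own.
function denylistStrip(input) {
  return input.replace(/<script>/gi, '').replace(/<\/script>/gi, '');
}

// 3. Escaping (output encoding for the HTML body context): every character
//    the HTML parser treats as markup becomes an entity, so the browser
//    renders the string as text instead of parsing it as a tag.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// In the HTML body context a string without a raw '<' cannot open a tag,
// so this is the property that matters after each strategy has run.
function canOpenTag(html) {
  return html.includes('<');
}

// Constructed payloads. The second targets the denylist: stripping the
// inner "<script>" once leaves a complete tag behind. The third uses no
// script tag at all, so a script-only denylist never touches it.
const PAYLOADS = [
  '<script>alert(document.cookie)</script>',
  '<scr<script>ipt>alert(document.cookie)</scr</script>ipt>',
  '<img src=x onerror=alert(document.cookie)>',
];

// Run each strategy over each payload and report whether markup survives.
function compareStrategies(payloads = PAYLOADS) {
  return payloads.map((p) => {
    const stripped = denylistStrip(p);
    const escaped = escapeHtml(p);
    return {
      payload: p,
      denylist: { out: stripped, canOpenTag: canOpenTag(stripped) },
      escaped: { out: escaped, canOpenTag: canOpenTag(escaped) },
      allowlist: allowlistUsername(p), // null: rejected as a username
    };
  });
}

// Example run over the constructed payloads.
for (const row of compareStrategies()) {
  console.log(JSON.stringify(row));
}
```

The denylist removes the first payload but hands the second one back as a complete script tag and leaves the third untouched, while the escaped output never contains a raw `<`. escapeHtml is only correct for the HTML body and quoted attribute contexts; data placed into a script block, a URL or a style needs the encoder for that context.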

More Details

XSS appears in three different situations, but all of them share one condition: attacker-controlled input ends up in a page without proper encoding, either reflected straight back in the response or served later from storage.

Self XSS-
The first and least harmful situation is an XSS that the attacker can only trigger in their own browser, with no way to deliver the payload to other users.
It still needs to be fixed, but on its own it cannot cause damage to anyone else.

Reflected XSS-
As mentioned earlier, the essential condition for XSS is that input is reflected on the page, and reflected XSS takes advantage of exactly that.
For example, if the URL of a site's search page is https://example.com/search?s=some+query and the value of the s parameter is reflected in the page, the attacker looks for a place where that reflection is neither validated nor encoded and puts the payload there. Once that works, the attacker can infect other users simply by sending them a link whose s parameter carries the malicious code.

Stored XSS-
Stored XSS is the most harmful of the three. The attacker submits the payload somewhere the site persists and later displays to others, such as a comment section or a published post.
Every user who views that post or comment has the attacker's JavaScript executed in their browser, with no link to click.
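The following is an added example, not code from the original article: the search page from the reflected case and a comment feed for the stored case, each rendered once without encoding (the vulnerable behaviour) and once with HTML entity encoding (the fix). The attacker link, the user names, the comment text and the helper names (renderSearchPage, CommentStore, renderComments, demo) are constructed for this example.

```javascript
// Added example, not code from the original article. URLs, names and
// payloads are constructed; helper names are the example's own.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Reflected XSS: the "s" query parameter is echoed into the response of the
// same request. Whoever opens the attacker's link gets the payload run in
// their own browser, under the site's origin.
function renderSearchPage(urlString, encodeOutput) {
  const query = new URL(urlString).searchParams.get('s') || '';
  const shown = encodeOutput ? escapeHtml(query) : query;
  return `<h1>Results for: ${shown}</h1>`;
}

// Stored XSS: the payload is written once (a comment) and served to every
// later visitor. Storing the raw text is fine; the defect is rendering it
// unencoded. Encoding at output time also keeps the stored data intact for
// other uses (search, API responses, exports).
class CommentStore {
  constructor() { this.comments = []; }
  add(author, body) { this.comments.push({ author, body }); }
}

function renderComments(store, encodeOutput) {
  const enc = encodeOutput ? escapeHtml : (s) => s;
  const items = store.comments.map(
    (c) => `<li><b>${enc(c.author)}</b>: ${enc(c.body)}</li>`
  );
  return `<ul>${items.join('')}</ul>`;
}

// Constructed attacker link: the payload is percent-encoded the way a
// browser would send it; searchParams.get() decodes it back to the raw tag.
const ATTACKER_LINK =
  'https://example.com/search?s=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E';

// Constructed stored payload: no <script> tag, the handler attribute does the work.
const STORED_PAYLOAD = '<img src=x onerror=alert(document.cookie)>';

// Render both pages in both modes so the difference can be compared.
function demo() {
  const store = new CommentStore();
  store.add('alice', 'Nice post');
  store.add('mallory', STORED_PAYLOAD);
  return {
    reflectedVulnerable: renderSearchPage(ATTACKER_LINK, false),
    reflectedFixed: renderSearchPage(ATTACKER_LINK, true),
    storedVulnerable: renderComments(store, false),
    storedFixed: renderComments(store, true),
  };
}

console.log(demo());
```

In the vulnerable outputs the browser receives a real script tag and a real img element with an onerror handler; in the fixed outputs the same bytes arrive as entities and are displayed as text. Note that the stored case does not depend on the victim clicking anything: the payload is delivered by the site itself on every page view.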

Reference

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
