Cross Site Scripting (XSS) Tutorial 2016
Asalamualaikum to all my Muslim friends. Today I will share a little knowledge of Cross Site Scripting (XSS) with you, just for educational purposes. Also, if you have an XSS-vulnerable site, you can use Acunetix to prevent XSS attacks. OK, so let's begin the game of XSS attacks with Malik Ubi.
Cross Site Scripting, or XSS, is a type of security vulnerability in web applications which allows an attacker to execute code in a user's browser in the context of the target website, often causing side effects such as data compromise or the stealing of a user session.
Types of Cross Site Scripting:
There are mainly 3 types of Cross Site Scripting:
1. Non-Stored/Reflective/Reflected Cross Site Scripting.
2. Stored/Non-Reflective/Persistent Cross Site Scripting.
3. DOM based cross site scripting
1. Non-Stored/Reflective/Reflected Cross Site Scripting.
Reflected XSS is the most frequent type of XSS attack. It is also known as non-persistent XSS, since the attack payload is delivered and executed via a single request and response.
2. Stored/Non-Reflective/Persistent Cross Site Scripting.
Persistent XSS is more dangerous than reflective XSS. This attack embeds the malicious script permanently into the web application. The script will then wait until people access the page it is located on.
Examples of persistent/non-persistent XSS scripts are:
<script>alert(0)</script>
"><svg/onload=prompt(/XSS-Tested-By-Malik-Ubi/);>
"/><img src=x onerror=prompt(/XSS-Tested-By-Malik-Ubi/)>
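The sample strings above only execute when the application writes them into a page without encoding. The following is an added example, not part of the original tutorial: it renders the same three strings through a vulnerable template and an output-encoded one and checks whether new tags appear. The search-page template and all function names are assumptions made for illustration.

```javascript
'use strict';
// Added example: template and function names are hypothetical.

// Characters that let input leave a text node or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the term is concatenated into an attribute and a text node as-is.
function renderSearchUnsafe(term) {
  return `<input name="q" value="${term}"><p>Results for ${term}</p>`;
}

// Hardened: the term is HTML-encoded before it reaches either context.
function renderSearchSafe(term) {
  const t = escapeHtml(term);
  return `<input name="q" value="${t}"><p>Results for ${t}</p>`;
}

// Crude check for this demo only: count tag-like sequences in the output.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// The three sample strings from the tutorial, used as test input.
const SAMPLES = [
  '<script>alert(0)</script>',
  '"><svg/onload=prompt(/XSS-Tested-By-Malik-Ubi/);>',
  '"/><img src=x onerror=prompt(/XSS-Tested-By-Malik-Ubi/)>',
];

// For each sample, report whether rendering it added tags beyond the template's own.
function auditSamples() {
  const baseline = countTags(renderSearchSafe('shoes')); // benign, constructed input
  return SAMPLES.map((sample) => ({
    sample,
    unsafeInjected: countTags(renderSearchUnsafe(sample)) > baseline,
    safeInjected: countTags(renderSearchSafe(sample)) > baseline,
  }));
}

console.table(auditSamples());
```

The same encoding applies to stored input: encode when the value is written into the page, not only when it is saved.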
3. DOM based cross site scripting
DOM-based XSS is not considered a standalone classification of XSS as it overlaps somewhat with Reflected and Stored XSS. However, it’s called out separately due to one very important distinction. Unlike Reflected and Stored XSS - whose payloads are embedded in the HTML responses sent from the server - DOM-based XSS exists almost purely in the victim’s browser.
An example of a DOM based XSS script is:
/default.aspx#"><img src=x onerror=prompt("XSSed By Malik Ubi");>
Tutorial by: Mαℓïк_Цвï