Cross Site Scripting - I - Noah J Franklin

What is Cross Site Scripting?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications (or in web browsers, through breaches of browser security) that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Types of Cross Site Scripting

XSS attacks are broadly classified into 3 types:

•    Non-Persistent (Reflection Attack)
•    Persistent (Stored Attack)
•    DOM-Based XSS

Non-Persistent XSS Attack

A Non-Persistent attack requires the user to visit a link specially crafted by the attacker. When the user visits the link, the crafted code is executed by the user's browser. Let us understand this attack better with an example.

Example for Non-Persistent XSS

When the victim loads the above URL into the browser, he will see an alert box which says
. Even though this example doesn't do any damage, other than the annoying attacked
pop-up, you can see how an attacker can use this method to do several damaging things.

Performing an XSS Reflection Attack Again, Using Localhost DVWA

Enter any name, submit it, and check the response of the website.

For example, I used my name, Noah Franklin. See the response of the website: it says Hello Noah


The alert() method displays an alert box with a specified message and an OK button. Use the script shown below.
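The following is an added example, not the script from the original post and not DVWA's own code. It shows why a page that echoes the submitted name (the "Hello Noah" response above) is open to reflection, and how HTML-encoding the output closes it. The function names, the `/greet` URL and the sample inputs are constructed for illustration.

```javascript
// Added example: a "Hello <name>" page rendered without and with output encoding.
// All names, URLs and inputs here are constructed, not taken from DVWA.

// Encode the five characters that can change HTML structure.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the parameter is concatenated into the markup as-is,
// so any tags in it become part of the page the browser parses.
function renderGreetingVulnerable(name) {
  return "<pre>Hello " + name + "</pre>";
}

// Hardened: the same page, but the parameter is encoded before output,
// so the browser displays it as plain text.
function renderGreetingSafe(name) {
  return "<pre>Hello " + escapeHtml(name) + "</pre>";
}

// Simple check: does the rendered markup contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Read the name parameter from a request URL (percent-decoding included).
function nameFromUrl(url) {
  return new URL(url).searchParams.get("name") ?? "";
}

// Constructed sample requests: an ordinary name and a harmless alert probe.
const samples = [
  "http://localhost/greet?name=Noah",
  "http://localhost/greet?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
];

for (const url of samples) {
  const name = nameFromUrl(url);
  console.log("input:     ", name);
  console.log("vulnerable:", renderGreetingVulnerable(name),
              "| live script:", containsScriptTag(renderGreetingVulnerable(name)));
  console.log("hardened:  ", renderGreetingSafe(name),
              "| live script:", containsScriptTag(renderGreetingSafe(name)));
}
```
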