XSS allows attackers to compromise the interactions that users have with vulnerable applications. It lets an attacker circumvent the same-origin policy, which is designed to segregate different websites from each other.

How does it work?

XSS works by manipulating a vulnerable website so that it returns malicious JavaScript to users. When this code executes in the victim's browser, the attacker can fully compromise their interaction.

Types of XSS Attacks:

  1. Reflected XSS: when the malicious script comes from the current HTTP request.
  2. Stored XSS: when the malicious script comes from the website's database.
  3. DOM-based XSS: when the vulnerability is in client-side code rather than server-side code.

Reflected cross-site scripting

Reflected XSS arises when an application receives data in a request and includes that data within the immediate response in an unsafe way.

For example, a typical request and response:

https://insecure-website.com/status?message=All+is+well.
<p>Status: All is well.</p>

If the application doesn't perform any other processing of the data, an attacker can construct an attack like this:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>
<p>Status: <script>/* Bad stuff here... */</script></p>

If the URL constructed by the attacker is visited by a victim, then the script executes in the victim's browser, in the context of that user's session. It can carry out any action, and retrieve any data, to which the user has access.
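
The reflection described above and its fix, as an added example that is not part of the original page: the /status handler reduced to pure functions so it runs offline in Node.js. The function names (escapeHtml, getMessage, renderStatusUnsafe, renderStatusSafe) are assumptions; the two URLs are the ones shown above.

```javascript
// Added example: a sketch of the /status handler from the text.
// All function names here are hypothetical, chosen for illustration.

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the "message" query parameter (form decoding: "+" becomes a space).
function getMessage(requestUrl) {
  return new URL(requestUrl).searchParams.get('message') ?? '';
}

// Vulnerable: the parameter is copied into the response body as-is,
// so markup in the request becomes markup in the page.
function renderStatusUnsafe(requestUrl) {
  return `<p>Status: ${getMessage(requestUrl)}</p>`;
}

// Hardened: same response, but the value is HTML-encoded before it is
// placed in element content, so the browser treats it as text.
function renderStatusSafe(requestUrl) {
  return `<p>Status: ${escapeHtml(getMessage(requestUrl))}</p>`;
}

// The two requests shown in the text.
const benign = 'https://insecure-website.com/status?message=All+is+well.';
const crafted =
  'https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>';

for (const url of [benign, crafted]) {
  console.log('unsafe:', renderStatusUnsafe(url));
  console.log('safe:  ', renderStatusSafe(url));
}
```

The encoding in escapeHtml is only correct for values placed in HTML element content or quoted attribute values; data written into a script block, a URL, or CSS needs the encoding for that context instead.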