Differences

This shows you the differences between two versions of the page.

--- xss:about_xss [2016/10/10 00:37] – peter
+++ xss:about_xss [2020/04/15 08:44] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== XSS - About XSS ======
-===== What is XSS? =====
-Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.
-The attacker does not directly target his victim.  Instead, he exploits a vulnerability in a website that the victim visits, in order to get the website to deliver the malicious JavaScript for him.  To the victim's browser, the malicious JavaScript appears to be a legitimate part of the website, and the website has thus acted as an unintentional accomplice to the attacker.
-===== How the malicious JavaScript is injected =====
-The only way for the attacker to run his malicious JavaScript in the victim's browser is to inject it into one of the pages that the victim downloads from the website.  This can happen if the website directly includes user input in its pages, because the attacker can then insert a string that will be treated as code by the victim's browser.
-In the example below, a simple server-side script is used to display the latest comment on a website:
-<code html>
-print "<html>"
-print "Latest comment:"
-print database.latestComment
-print "</html>"
-</code>
-The script assumes that a comment consists only of text.  However, since the user input is included directly, an attacker could submit this comment: <color red>"<script>...</script>"</color>.  Any user visiting the page would now receive the following response:
-<code html>
-<html>
-Latest comment:
-<script>...</script>
-</html>
-</code>
-When the user's browser loads the page, it will execute whatever JavaScript code is contained inside the <script> tags.  The attacker has now succeeded with his attack.