What Is a Cross-Site Scripting (XSS) Attack?


XSS is a web security vulnerability that allows an attacker to compromise victims. In an XSS attack, the attacker sends malicious JavaScript code to the victim. Once it reaches the victim, the victim can be manipulated: the attacker can steal cookies, take over the account, or hijack the session.

Reflected XSS, stored XSS, blind XSS, DOM XSS

The most common payload is

[Image: xsss1.jpg]

We need to learn how to create an XSS payload. For this, I am dropping you a link to a lab where you can learn and practice for free, and which is easy to use: prompt.ml/0

What is reflected XSS? It is a client-side attack where the attacker injects a malicious script into the web application, which reflects the payload back. Here an attacker can take full control of the script that is executed in the victim's browser. The cross-site scripting payload can be injected into the URL, the search bar, or anywhere else inputs are available.
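The reflection described above, as an added example (not code from the original article): a search page that echoes the `q` parameter unescaped, next to the same page with HTML output encoding. The function names, the `q` parameter and the `app.example` host are assumptions made for illustration.

```javascript
// Added example: reflected XSS in a search page, before and after output encoding.
// All names here (escapeHtml, renderVulnerable, renderEscaped, q) are hypothetical.

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the reflected parameter the way a server-side handler would.
function getQuery(requestUrl) {
  return new URL(requestUrl, 'http://app.example').searchParams.get('q') ?? '';
}

// BEFORE: the query is concatenated into markup, so the browser parses it as HTML.
function renderVulnerable(requestUrl) {
  const q = getQuery(requestUrl);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// AFTER: same page, encoded at both sinks (element body and quoted attribute).
function renderEscaped(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// True when the response still contains a parseable <script> element.
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample request: a harmless marker script in the search parameter.
const sampleUrl = '/search?q=' + encodeURIComponent('"><script>alert(1)</script>');

console.log('vulnerable page keeps the tag:', containsLiveScript(renderVulnerable(sampleUrl)));
console.log('escaped page keeps the tag:   ', containsLiveScript(renderEscaped(sampleUrl)));
```

The same encoding applies when the value comes from a database instead of the request, which is the stored case discussed further down.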

Impacts of reflected XSS:

  • Hackers can steal the user's necessary credentials
  • Hackers can also perform account takeover
  • Hackers can also steal cookies and hijack sessions
  • Hackers can extract the user's sensitive data

These are some payloads

What is stored XSS? This is where the attacker sends a malicious link to the victim, which reflects in the server. In stored XSS, the payload is stored in a field such as a chat box, name, or address.

The difference between reflected XSS and stored XSS is simple: in reflected XSS the attacker is attacking the client side, while in stored XSS the attacker is attacking the server side.

Stored XSS VS Reflected XSS

Reflected XSS -> STORE == Reflect Back

Stored XSS -> DATABASE -> Reflect Back

[Image: xsss3.jpg]

Impacts:

  • Hackers can deface the website
  • Hackers can steal the user's credentials
  • Hackers can also hijack users' sessions
  • Hackers can take down user accounts and also gain access to the victim's computer

Blind XSS: Blind XSS is a vulnerability that is somewhat similar to stored XSS, but the catch is that the attacker builds a payload that is connected to his own server. For example:

  1. The attacker targets a website -

  2. Now he injects a malicious script to steal user information

  3. He needs to wait for victims to visit the website and for the malicious script to be activated

  4. Now the victims' information is sent to the attacker for a while to days to fo

Impacts:

  • Hackers can hijack the user's current sessions
  • Hackers can perform phishing attacks
  • Hackers can perform man-in-the-middle attacks

Support KRiPPto99 by becoming a sponsor. Any amount is appreciated!