Summarising, an XSS attack is carried out in two steps:
- Data from an untrusted source is entered in a web application.
- This data is subsequently included in dynamic content that is sent to web users and executed by their browsers.
There are different kinds of XSS attacks differing in how the malicious script is stored and how the attack works.
Persistent XSS Attacks
The first kind of attack goes by the name of persistent attacks or alternatively stored attacks. These attacks are very simple. As the name suggests, the injected code is stored on the vulnerable server. For example, it may be stored in a database, on a message board, or in a comment field. Whenever a victim requests and subsequently displays the stored information, the malicious code is executed by the victim’s browser.
Reflected XSS Attacks
The second kind of XSS attack is called either a non-persistent attack or a reflected attack. In these attacks, data provided by the client, for example in query parameters, is used by the server to generate a page of results for the user. The attack exploits the fact that the server may fail to sanitize this client-supplied data before echoing it back in the response.
DOM-Based XSS Attacks
A third kind of XSS attack is called a DOM-based attack, where DOM stands for Document Object Model. The DOM defines the objects and properties of all elements of an HTML document and the methods used to access them. In particular, an HTML document is structured as a tree, where each HTML element corresponds to a node in the tree. The DOM allows dynamic modification of elements of the web page on the client side.
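The three kinds of attack above differ in where the untrusted data comes from and which sink renders it. The following JavaScript is an added example, not part of the original text: it shows a reflected-style server response and a DOM-based client-side sink, each beside its hardened form. The element stub, the function names and the sample input are constructed for the example; Node has no DOM.

```javascript
// Added example (not from the original page): untrusted input reaching an HTML
// sink unescaped, beside the corrected handling. Runs under Node.

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected XSS: the server echoes a query parameter straight into the page.
function renderResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the parameter is escaped before it is placed in the response body.
function renderResultsSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Constructed stand-in for a DOM element (hypothetical, since Node has no DOM).
// Assigning innerHTML keeps markup live; assigning textContent stores the
// string as data, which a browser would serialise escaped.
function makeElement() {
  return {
    serialised: "",
    set innerHTML(v) { this.serialised = v; },
    get innerHTML() { return this.serialised; },
    set textContent(v) { this.serialised = escapeHtml(v); },
  };
}

// DOM-based XSS: client-side code copies the URL fragment (after '#') into
// innerHTML, so any markup in it is parsed by the browser.
function showNameUnsafe(el, fragment) {
  el.innerHTML = "Hello, " + fragment.slice(1);
  return el.serialised;
}

// Hardened: the same data written through textContent is never parsed as markup.
function showNameSafe(el, fragment) {
  el.textContent = "Hello, " + fragment.slice(1);
  return el.serialised;
}

// Constructed sample input carrying markup, used to exercise each sink.
const SAMPLE_INPUT = "<script>probe()</script>";
```

Run with `node`; comparing the return values of the unsafe and safe pairs for `SAMPLE_INPUT` shows which sink lets the markup through.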
Published on Fri 22 June 2012 by Mal Torrance in Security with tag(s): xss