comp.org.uk


Cross Site Scripting (XSS) Attacks

Cross-site scripting (XSS) is a kind of injection attack in which an adversary injects a malicious program of his or her choice into a vulnerable but trusted web site. The program is written in a scripting language such as JavaScript and is executed by the victim’s browser when it displays the vulnerable web site. The vulnerability arises when the server does not properly sanitize the input sent by the adversary and the output sent to the user.

Summarising, an XSS attack is carried out in two steps:

  1. Data from an untrusted source is entered in a web application.
  2. This data is subsequently included in dynamic content that is sent to web users and executed by their browsers.

There are several kinds of XSS attack, which differ in how the malicious script is stored and how the attack works.

Persistent XSS Attacks

The first kind of attack is known as a persistent attack or, alternatively, a stored attack. These attacks are very simple. As the name suggests, the injected code is stored on the vulnerable server. For example, it may be stored in a database, on a message board, or in a comment field. Whenever a victim requests and subsequently displays the stored information, the malicious code is executed by the victim’s browser.

Reflected XSS Attacks

The second kind of XSS attack is called either a non-persistent attack or a reflected attack. In these attacks the data provided by the client, for example in query parameters, is used by the server to generate a page of results for the user. The attack exploits the fact that the server may fail to sanitize the response.
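Both the persistent and the reflected variants described above come down to untrusted data reaching the HTML output unencoded. The following is an added example, not code from the original article: it places a vulnerable page renderer beside versions that HTML-encode the data on output. All function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Characters that can change how the browser parses element content
// or a quoted attribute value, with their HTML entity encodings.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode untrusted data so the browser treats it as text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case, vulnerable: the query parameter is copied into the page as-is.
function renderSearchPageVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Reflected case, hardened: the same data is encoded before it reaches
// the markup, both in element content and inside a quoted attribute.
function renderSearchPage(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>` +
         `<input name="q" value="${escapeHtml(query)}">`;
}

// Persistent case: comments read back from storage are encoded every
// time they are rendered, for every user who views them.
function renderComments(comments) {
  const items = comments.map(
    (c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Constructed sample inputs (not from the article).
const sampleQuery = '"><script>alert(1)</script>';
const sampleComments = [
  { author: 'alice', text: 'Nice post & thanks' },
  { author: 'mallory', text: '<script>alert(1)</script>' },
];

console.log(renderSearchPageVulnerable(sampleQuery)); // script element survives
console.log(renderSearchPage(sampleQuery));           // shown as plain text
console.log(renderComments(sampleComments));
```

This encoding is only correct for HTML element content and quoted attribute values; data placed inside a script block, a URL, or CSS needs the encoding for that context.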

DOM-Based XSS Attacks

A third kind of XSS attack is called a DOM-based attack, where DOM stands for document object model. The DOM defines the objects and properties of all elements of an HTML document and the methods used to access them. In particular, an HTML document is structured as a tree, where each HTML element corresponds to a node in the tree. The DOM allows dynamic modifications of elements of the web page on the client side.


Published on Fri 22 June 2012 by Mal Torrance in Security with tag(s): xss