What is Cross-Site Scripting? | XSS Guide For Beginners

Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It lets an attacker run his own client-side scripts in web pages viewed by other users: it is a code injection attack in which malicious JavaScript executes in another user's browser. XSS is the most common security vulnerability in software today. In an XSS attack the attacker does not target the victim directly. Instead, he exploits a vulnerability in a website the victim visits and gets that website to deliver the malicious JavaScript for him. To the victim's browser the malicious JavaScript appears to be a legitimate part of the website, so the website becomes an unintentional accomplice to the attacker.

An XSS vulnerability arises when a web application takes data from users and dynamically includes it in web pages without first properly validating or encoding that data. XSS allows an attacker to execute arbitrary script and display arbitrary content in a victim's browser. A successful XSS attack leaves the attacker controlling the victim's browser or account on the vulnerable web application, and can lead to the following problems:

  • Stealing identity and confidential data (e.g. credit card details)
  • Bypassing restrictions in websites
  • Session hijacking (stealing the session)
  • Malware attacks
  • Website defacement
  • Denial of Service (DoS) attacks
  • Keylogging
  • Phishing attacks

Demonstration of an XSS attack:

If you have a basic understanding of HTML, JavaScript, the HTTP client-server architecture and some basic knowledge of server-side languages like PHP, ASP or JSP, then you can easily understand how XSS works. I highly recommend reading about these topics:

  • HTML
  • JavaScript
  • HTTP client-server architecture
  • Server-side languages

Cross-site scripting is nothing but the injection of client-side scripts into a website. These scripts can be HTML markup or JavaScript. The question, then, is how a person can inject scripts into a running page. This can easily be done through any of the ways a website collects input. Cross-site scripting can be performed by passing scripts in the form of:
  • Text boxes (input controls)
  • Query strings
  • Cookies
  • Session variables
  • Application variables
  • Data retrieved from an external or shared source

Now let us see a basic example of cross-site scripting. For the demonstration of the XSS attack I am going to use the Web For Pentester VM, which is nothing but a vulnerable machine for practising and learning about web application security. To install the Web For Pentester VM on your system, please check my previous post here.


The above web page accepts a value for the parameter name and then prints it on the page. If we provide crafted JavaScript code instead, the web page will also try to print it, but this time our crafted JavaScript code, the XSS payload, will execute and show a message box in the browser.

Payload:
 http://192.168.56.101/xss/example1.php?name=<script>alert(1)</script>


alert() is a JavaScript function used to show a dialog box with a message. <script>alert('Xssed')</script> is a widely used (and the easiest) piece of JavaScript for testing whether a web app is vulnerable to XSS; here the <script> and </script> tags mark the start and end of the JavaScript code. If we look at the code of the vulnerable web page, it does not sanitize the data we provided: it puts it into the page exactly as it is, and our browser interprets it as JavaScript code.
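The following is an added example, not code from the original post or from the Web For Pentester VM. It models the behaviour just described in plain JavaScript (Node.js) instead of PHP so it runs without a web server: one function concatenates the name parameter straight into the HTML the way the vulnerable page does, the other HTML-entity-encodes it first (the equivalent of PHP's htmlspecialchars with ENT_QUOTES). The request URL and the payload are constructed sample values; the function names are this example's own.

```javascript
// Added example: vulnerable vs. encoded rendering of a reflected parameter.
// Models example1.php-style behaviour in Node.js; not the original page's code.

// Constructed sample request, same shape as the payload URL in the post.
const SAMPLE_URL =
  "http://192.168.56.101/xss/example1.php?name=<script>alert('Xssed')</script>";

// Extract the `name` query parameter the way the server would see it.
function nameFromRequestUrl(url) {
  return new URL(url).searchParams.get("name");
}

// Vulnerable rendering: user data is concatenated into HTML unchanged,
// which is what `echo "Hello " . $_GET["name"];` does in PHP.
function renderVulnerable(name) {
  return "<html><body>Hello " + name + "</body></html>";
}

// HTML entity encoding for element-content context. Each character that
// can change the HTML structure is replaced by its entity, so the browser
// shows the characters as text instead of parsing them as markup.
function encodeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")   // must come first, so later entities are not double-encoded
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Fixed rendering: the same page, but the parameter is encoded on output.
function renderSafe(name) {
  return "<html><body>Hello " + encodeHtml(name) + "</body></html>";
}

// Simple check a tester or a response-inspection rule can apply:
// does the rendered page still contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Demo when run directly: node xss_reflect_demo.js
const name = nameFromRequestUrl(SAMPLE_URL);
console.log("vulnerable:", renderVulnerable(name));
console.log("   encoded:", renderSafe(name));
console.log("script tag survives encoding?", containsScriptTag(renderSafe(name)));
```

Ordinary names pass through encodeHtml unchanged, so the fix costs nothing for legitimate input; the payload comes out as inert text that the browser displays literally. This encoding is correct for text between tags; data placed inside an attribute, a URL, or a script block needs the encoding rules for that context.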


This is a very basic type of XSS vulnerability, where the developer of the web page forgot to check or sanitize the user-supplied data and simply prints it on the page. This type of XSS vulnerability is known as Reflected XSS. There are three types of XSS vulnerability:
  • Reflected XSS
  • Stored XSS
  • DOM-based XSS
We will look at these XSS types in the next post.




Conclusion:

In this post we learned the basics of the XSS vulnerability and saw an example of Reflected XSS. In the next post we will look at the types of XSS vulnerability in more detail.

Links

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS