Cross Site Scripting (XSS) is the name of one of the most common vulnerabilities in web applications. It is third on the list in the newest OWASP Top Ten document, so it's essential to know how it works.
Powerful, right? But enough story time for today, let's jump into some technical details.
Potential results of an XSS attack
- Stealing session cookies
With that, the attacker is able to take over someone's logged-in session - like in the story. (Cookies marked HttpOnly are not readable from script, which is why that flag matters.)
- Substituting the content of a website
Users can be tricked into thinking that "your site has been hacked" (defacement).
- Capturing the keys pressed by the user
The injected script can log what someone is typing... I don't have to say why that's useful ;)
- Crashing the browser
A local denial of service. Mostly just frustrating.
- Redirecting the user's browser to another website
The attacker can send the browser to a page prepared with customized malware that targets the victim's operating system.
- Creating a fake HTML form
The attacker tricks the user into entering their credentials into a form that submits them to the attacker.
Types of XSS attacks
Let's take a look at this simple PHP code:
It takes a username from the URL query string, just like that:
If you open the page and view its source code, it looks like this:
After checking the source of the same page opened with this URL, you would notice that the alert box with the text "XSS" was triggered: the parameter was copied into the HTML unchanged, so the browser parsed it as markup and executed the script.
Now with that knowledge you can inject some more malicious code. Reflected XSS attack ready ;) It is called "reflected" because the payload travels in the request and is echoed straight back in the response, so the victim has to be tricked into opening the crafted URL.
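To make the missing PHP snippet concrete, here is an added example (my own code, not the original post's) of the same reflected-XSS endpoint written in JavaScript as a pure function. The page path, the `username` parameter and the requests are hypothetical; the point is that the server concatenates the query parameter into the HTML exactly as `echo "Hello " . $_GET['username'];` would.

```javascript
// Added example, not the post's code: a reflected-XSS greeting page modelled
// as a function so it can be inspected without running a web server.

// Vulnerable: the user-controlled value is concatenated into the HTML as-is.
function renderGreeting(username) {
  return `<html><body><h1>Hello ${username}</h1></body></html>`;
}

// Takes the full request URL (hypothetical host and path) and returns the HTML
// the server would send back. URLSearchParams percent-decodes the value, so
// "%3Cscript%3E" and "<script>" arrive identically on the server side.
function handleRequest(url) {
  const params = new URL(url).searchParams;
  const username = params.get("username") ?? "guest"; // default when absent
  return renderGreeting(username);
}

// True when the raw payload survives unchanged in the response body, which is
// what you look for when "viewing the source" of the reflected page.
function payloadIsReflected(url, payload) {
  return handleRequest(url).includes(payload);
}

// Constructed requests: a benign visit and the attack from the post.
const PAYLOAD = '<script>alert("XSS")</script>';
const benignUrl = "http://example.test/hello?username=Alice";
const attackUrl = `http://example.test/hello?username=${PAYLOAD}`;

console.log(handleRequest(benignUrl));
console.log(handleRequest(attackUrl));
console.log("payload reflected:", payloadIsReflected(attackUrl, PAYLOAD));
```

Because `renderGreeting` never encodes `username`, the second response contains a live `<script>` element and the browser runs it in the origin of the vulnerable site, which is what gives the attacker access to that site's cookies and DOM.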
DOM-based XSS is an attack where the malicious code is executed because client-side JavaScript writes attacker-controlled data (for example from location.hash or document.URL) into the DOM (Document Object Model) through a sink such as innerHTML or document.write; the payload does not have to pass through the server at all, so server-side filtering never sees it. It's the rarest type of XSS attack. Read more at OWASP.
1. With the script tag
2. With the body tag (an event handler such as onload)
3. With the img tag (an event handler such as onerror)
4. Or any other tag that accepts an event handler attribute
5. A resource tag like iframe
6. Or the object tag
How to prevent XSS?
All right, now that we know how XSS attacks work, let's move on to prevention. The essential thing is to encode any user-supplied data before placing it in the page, in a way that matches where it lands: in HTML text, characters such as "<", ">", "&" and quotes become HTML entities; inside tag attributes the value must additionally be quoted; and user data should never go into a script block or an event handler attribute without a dedicated encoder. Stripping tags on input alone is not enough, because the same data can end up in several different contexts.
That will stop most XSS attacks, but for the more sophisticated cases it is worth reading the OWASP XSS Prevention Cheat Sheet. Another helpful thing is prevention on the client side - like installing the NoScript browser extension.
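The encoding rule above, as an added example written for this page (not code from the original post): an HTML entity encoder, a safe version of the greeting page, and a check that runs it over one constructed payload per injection vector from the list earlier in the post. It also shows the attribute caveat: with an unquoted attribute, encoding the five special characters is not enough, because a payload with no "<" or quotes at all can still add a new event handler attribute. The payloads and element names are constructed samples.

```javascript
// Added example, not the post's code: output encoding for the HTML text and
// quoted-attribute contexts, exercised against the injection vectors listed
// in the post. All payloads below are constructed samples.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Encode the characters that let data break out of an HTML text node or a
// quoted attribute value. Done in one pass so an existing "&" in the input is
// encoded too and cannot be turned back into an entity later.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Safe counterpart of the reflected greeting: encode at output time.
function renderGreetingSafe(username) {
  return `<h1>Hello ${escapeHtml(username)}</h1>`;
}

// Attribute context. Unquoted: a space ends the value, so whatever follows is
// parsed as a new attribute even though nothing was left unencoded.
function renderInputUnquoted(value) { // still vulnerable, shown for contrast
  return `<input value=${escapeHtml(value)}>`;
}
// Quoted: the encoded value cannot close the quote, so it stays a single value.
function renderInputQuoted(value) {
  return `<input value="${escapeHtml(value)}">`;
}

// One constructed payload per vector from the list in the post.
const PAYLOADS = {
  script: '<script>alert("XSS")</script>',
  body:   '<body onload=alert("XSS")>',
  img:    '<img src=x onerror=alert("XSS")>',
  other:  '<svg onload=alert("XSS")>',          // "any other tag"
  iframe: '<iframe src="javascript:alert(\'XSS\')"></iframe>',
  object: '<object data="javascript:alert(\'XSS\')"></object>',
};

// A vector is neutralised when no tag delimiter survives encoding, i.e. the
// browser will show the payload as text instead of parsing it as markup.
function isNeutralised(payload) {
  return !/[<>]/.test(escapeHtml(payload));
}

// Returns { vectorName: true|false } for every payload above.
function checkAllVectors() {
  const results = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    results[name] = isNeutralised(payload);
  }
  return results;
}

// Attribute payload with none of the five encoded characters.
const ATTR_PAYLOAD = "x onmouseover=alert(1)";

console.log(renderGreetingSafe(PAYLOADS.script));
console.log(checkAllVectors());
console.log(renderInputUnquoted(ATTR_PAYLOAD)); // new attribute injected
console.log(renderInputQuoted(ATTR_PAYLOAD));   // inert: one quoted value
```

`escapeHtml` covers the HTML text and quoted-attribute contexts only; the attribute demo is why "always quote attributes" belongs next to "always encode". Data placed inside a `<script>` block, a URL attribute such as `href`/`src`, or a CSS value needs its own encoder, which is what the OWASP cheat sheet walks through context by context.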
As always - thanks for reading and exploring this topic with me. With a better understanding of XSS we can now look for these vulnerabilities in many different web applications.