A3 CROSS-SITE SCRIPTING (XSS)
Introduction
XSS is an attack that injects scripts into an otherwise trusted website, making that website unsafe for its users. XSS can occur through any input field, and attackers use different variables to carry out different kinds of attacks. There are three known types of XSS flaw: stored, reflected and DOM-based XSS. This vulnerability can be used to deface web sites, insert hostile content, redirect users, and hijack the user's browser using malware.
Tools needed:
- BurpSuite
- XSSme plugin for Firefox
Video:
- XSS
- XSSme
Other possible methods:
Some tips for fixing the vulnerability are to:
- Use preg_match to remove special characters such as , " ! @ # ' or strings such as <alert> from login fields
- Avoid giving users open-ended input fields whenever possible
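The following is an added example, not code from the original page, that puts the two tips above next to the reflected-XSS scenario described in the introduction. It simulates a server that echoes a query parameter into an HTML page and runs that page through two sanitizers: a blacklist filter in the spirit of the preg_match tip (assumed here to strip the listed punctuation and the literal string "<alert>"), and HTML-entity output encoding (the equivalent of PHP's htmlspecialchars with ENT_QUOTES). The function names, the sample inputs and the containsRawTag helper are all constructed for this illustration.

```javascript
// Added example (not from the original page): blacklist filtering versus
// HTML output encoding for a value reflected into an HTML page.

// Blacklist filter modelled on the page's preg_match tip: removes a fixed set
// of characters and the literal string "<alert>". Anything not on the list,
// including ordinary HTML tags, passes through untouched.
function blacklistFilter(input) {
  return String(input)
    .replace(/<alert>/gi, "")
    .replace(/[",!@#']/g, "");
}

// Output encoding for an HTML text or attribute context. Every character is
// kept (so legitimate data such as names with apostrophes survive), but none
// can close or open markup, so the browser treats the value as text only.
function encodeForHtml(input) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
  };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Simulated reflected endpoint: the server builds a page around a user-supplied
// "name" parameter, passing it through the chosen sanitizer first.
function renderGreeting(name, sanitizer) {
  return `<p>Hello, ${sanitizer(name)}!</p>`;
}

// Defender-side check: does the rendered page still contain raw tag syntax
// inside the reflected region (i.e. outside our own <p> template)?
function containsRawTag(html) {
  const body = html.replace(/^<p>/, "").replace(/<\/p>$/, "");
  return /<[a-z!\/]/i.test(body);
}

// Constructed sample inputs: a legitimate name and a harmless markup fragment
// that is not on the blacklist.
const SAMPLE_NAME = "O'Brien";
const SAMPLE_MARKUP = "<b>bold</b>";

function main() {
  for (const [label, sanitizer] of [
    ["blacklist", blacklistFilter],
    ["encode", encodeForHtml],
  ]) {
    console.log(label, "name  :", renderGreeting(SAMPLE_NAME, sanitizer));
    const page = renderGreeting(SAMPLE_MARKUP, sanitizer);
    console.log(label, "markup:", page, "raw tag left:", containsRawTag(page));
  }
}

main();
```

Running it shows the two failure modes of the blacklist approach side by side: it destroys legitimate data (the apostrophe in "O'Brien" disappears) while letting any tag that is not literally "<alert>" reach the browser as markup. Output encoding keeps the data intact and leaves no raw tag in the page regardless of the input, which is why encoding at the point of output is the mitigation to reach for, with input restriction (the second tip) as an additional layer rather than the only one.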
PENETRATION