XSS – Cross Site Scripting attacks

Cross site scripting attack (XSS)

XSS is the attack in which malicious java script code is injected in to other web sites. When the malicious code is executed in the victim’s browser, sensitive data (e.g. cookies) could be stolen.

Types of XSS attacks

XSS attacks can be categorized into 3 types.

  1. Persistent – In these types of attacks, malicious code is stored in the database. So whenever the page gets the data from database, malicious code is executed on the victim’s browser.
  2. Non- Persistent – In these types of XSS attacks, malicious code is not stored in the database.
  3. DOM scripting

XSS test sites

You can see how XSS attacks are carried out on below test sites.

  1. https://www.insecurelabs.org/Talk/Details/1
  2. https://www.ryannedolan.info/teaching/cs4830/examples/vulnerability-examples/xss-examples

To set the cookie, you can use below JavaScript.
document.cookie=”name=paul;id=2828″;

How to prevent XSS attacks

XSS attacks can be prevented by taking below precautions.

  1. Always sanitise the data entered by the user in forms.
  2. Do not allows special characters (e.g. symbols like <, > etc) in the HTML forms.

You may also like...