XSS Notes
Most Common Locations for XSS Vulnerabilities
Search fields that echo a search string back to the user
Input fields that echo user data
Error messages that return user supplied text
Hidden fields that contain user supplied data
Any page that displays user supplied data
Message boards
Free form comments
HTTP Headers
What can XSS Do?
Steal session cookies
Create false requests
Create false fields on a page to collect credentials
Redirect a page to a "non-friendly" site
Create requests that masquerade as a valid user
Steal confidential information
Execute malicious code on an end-user system (active scripting)
Insert hostile and inappropriate content
Types of XSS
Reflected
Malicious content from a user request is displayed to the user in a web browser
Malicious content is written into the page after server response
Social Engineering is required
Runs with browser privileges inherited from user in browser
DOM-based (also technically reflected)
Malicious content from a user request is used by client-side scripts to write HTML to its own page
Similar to reflected XSS
Runs with browser privileges inherited from user in browser
Stored or Persistent
Malicious content is stored on the server (in a database, file system, or other object) and later displayed to user in a web browser
Social engineering is not required
Last updated
