1. What is XSS?
⇒ Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
2. Why is it called Cross-Site?
⇒ Because it actually involves interaction across two different sites: the attacker’s site and the server’s site.
Explaining the above flyer made by @sec_r0 ⇒
foo.com is a web page requested by a client, who sends some input to the server at foo.com. The server sends the same input back by placing it in the HTML response, and the web page gets loaded in the client’s browser.
There’s actually a GET request going to the server with, let’s say, a /search?q=foo parameter. The server responds with “Foo not found” on the web page, which shows it is reflecting the data entered by the user back to the client.
The attacker now tests for an XSS vulnerability in the /search?q= parameter by sending a <script> tag that creates an alert(1) dialog box. There the attacker notices that the <script> tag is injected into the HTML response as-is and an alert dialog box appears, as seen in sub-step 4.
What you just saw in step 3 was a self-XSS, as the payload was injected into the attacker’s own session. In the next step, the attacker tries to inject code that steals the user’s cookie data.
We would like to break this step into sub-steps to give you a clearer view of the whole attack:-
Step1 ⇒ The attacker hosts a phishing page, say http://attacker.com/attack, and on that site there is a script which triggers the attack payload by redirecting the user to the foo.com (vulnerable) domain with the XSS payload in it, placing his phishing link in the vulnerable site’s parameter like this:-
Step2 ⇒ The attacker sends the phishing link to the victim, and the victim clicks on the link.
Step3 ⇒ The browser performs the client-side redirection request.
Step4 ⇒ The client is redirected to the XSS-vulnerable site, i.e.
Step5 ⇒ The /search?q= parameter gets injected into the HTML response of the user’s session, i.e. the response received by the client in his/her web browser.
Step6 ⇒ The XSS payload executes; it sends the user’s cookies to the attacker-controlled site, and the attacker receives the stolen cookies at his location.
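To make the root cause concrete, here is an added example (not part of the flyer or of SecurityZines’ material) showing the /search?q= handler in its reflecting form beside a fixed form that HTML-escapes the term, a check that flags raw reflection of markup, and the HttpOnly session cookie that keeps step 6 from reaching document.cookie. The function names, the foo.com URL usage and the session_id value are assumptions made for the example.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample input mirroring the flyer's step 3 test: the search
# term carries a script tag instead of a plain word.
SAMPLE_QUERY = "<script>alert(1)</script>"


def extract_q(url: str) -> str:
    """Return the q parameter of a /search?q=... URL ('' if absent)."""
    params = parse_qs(urlparse(url).query)
    return params.get("q", [""])[0]


def render_search_vulnerable(q: str) -> str:
    """'Before': the term is copied into the HTML verbatim, so a term that
    contains markup is rendered as markup (reflected XSS)."""
    return f"<p>{q} not found</p>"


def render_search_safe(q: str) -> str:
    """'After': the term is HTML-escaped on output, so < > & \" ' become
    entities and the browser shows them as text, never as a tag."""
    return f"<p>{html.escape(q, quote=True)} not found</p>"


def reflects_raw_markup(q: str, response_body: str) -> bool:
    """Defensive check for any page that echoes a parameter: True when the
    input holds HTML-significant characters and appears unchanged in the
    response body. Usable as a unit test against a rendered page."""
    dangerous = any(c in q for c in "<>\"'&")
    return dangerous and q in response_body


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line with HttpOnly: page scripts cannot read the cookie
    through document.cookie, so an injected script does not obtain the
    session even when escaping was missed. session_id is a constructed
    value supplied by the caller."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    q = extract_q("http://foo.com/search?q=" + SAMPLE_QUERY)
    for label, page in (("vulnerable", render_search_vulnerable(q)),
                        ("fixed", render_search_safe(q))):
        print(f"{label}: reflects raw markup = {reflects_raw_markup(q, page)}")
        print("  " + page)
    print(session_cookie_header("example-session-id"))
```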
Do you want to download the HD version of this flyer for free? Why don’t you consider going to SecurityZines to download the original, clear version of the XSS flyer explained above? Link below.
⇒ SecurityZines Reflected - Cross Site Scripting XSS Flyer