{"id":16,"date":"2021-11-24T15:35:00","date_gmt":"2021-11-24T08:35:00","guid":{"rendered":"https:\/\/n45ht.or.id\/blog\/?p=16"},"modified":"2024-12-14T12:18:44","modified_gmt":"2024-12-14T05:18:44","slug":"xss-101","status":"publish","type":"post","link":"https:\/\/n45ht.or.id\/blog\/xss-101\/","title":{"rendered":"XSS 101"},"content":{"rendered":"\n

What is XSS?<\/h4>\n\n\n\n

Cross-site scripting (XSS) is the most common vulnerability in web applications and allows an attacker to control the victim’s browser and its interaction with a given website. XSS is carried out by the Attacker by entering the client script code into a site via URL parameters or input fields and others, website applications that have this weakness allow the Attacker to manipulate a page. This manipulation, commonly called injection, is an XSS attack.

The browser displays a page with HTML (Hypertext Markup Language) and a programming language commonly called JavaScript. JavaScript is responsible for making things run in response to actions that occur on a web\/application, for example, such as loading another page, drag\/drop functions on a page, or whatever web pages do quickly (without having to reload\/reload). ) are the things that JavaScript does.

In an HTML document, JavaScript can run using the <script> <\/script> tag. If Attacker can do that tag injection (all JavaScript code can be executed if there is no filter at all) and Attacker will have full control over it.

JavaScript can also appear in HTML elements, plain tags. With built-in event handlers, such as “onload” (when a page element is loaded by the browser) or “onmouseover” (when the mouse pointer is over something), JavaScript code can also be executed. This increases the number of vectors for XSS attacks.<\/p>\n\n\n\n

XSS Type<\/h4>\n\n\n\n

XSS bisa terjadi dikarenakan kode (response) dari server atau dari sisi client karena request yang diminta oleh browser.<\/p>\n\n\n\n