Overview

Cheat Sheet

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Types of Cross Site Scripting

There are three main types of XSS attacks. These are:

• Reflected XSS - the script comes from the current HTTP request
• Stored XSS - the script comes from the website's database
• DOM-based XSS - the script is injected client-side rather than server-side

Notes

Basic Reflected XSS Attack

An example of a reflected XSS attack would be a page that accepts input from a URL parameter, and dynamically inserts it in the page without any additional processing.

An example might be a "message" parameter in a URL that is used to display a greeting on a page.

https://insecure-website.com/status?message=All+is+well.

This could be attacked like so:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>

Basic Stored XSS Attack

An example of a stored XSS vulnerability would be a message board application. Users can submit messages that will be stored in a database, and those messages will be retrieved and displayed for other users. If the application does not do any additional processing, a malicious user could submit a message with the contents

<script>/* Bad stuff here... */</script>

and that Javascript would be executed in the browser of anyone viewing that message.