Wednesday, 29 May 2013

What is cross site scripting (XSS) and the types of cross site scripting

Today I will explain what cross site scripting is. In my previous article I explained the top security flaws in a website. According to the Open Web Application Security Project (OWASP), cross site scripting (XSS) is a very common security flaw in websites. This threat is very dangerous for a website. Most of my fans and followers ask many questions about cross site scripting. As I am a security researcher, I have also found 100 cross site scripting (XSS) flaws on websites, so I am going to discuss with you a complete guide to cross site scripting. So guys, let's


To find cross site scripting (XSS) flaws, you first need the following prerequisites:

Basic knowledge of Hypertext Markup Language (HTML)
Strong knowledge of JavaScript
Basic knowledge of HTTP client-server architecture
Basic knowledge of PHP or ASP.NET

What is cross site scripting XSS?

Cross site scripting (XSS) is one of the common website security flaws. It allows a hacker (attacker) to run his client-side scripts, such as a JavaScript payload, in a website that is viewed by others. With a cross site scripting bug the hacker may bypass access control. If the hacker successfully exploits cross site scripting, he can easily steal accounts, carry out phishing attacks and much more. In simple words, with the help of cross site scripting the hacker injects his malicious JavaScript payload into a website; when a user visits the website link, the malicious JavaScript payload executes in the user's browser.

Types of Cross site scripting XSS:

There are two types of cross site scripting (XSS):
1. Persistent XSS (stored XSS)
2. Non-persistent XSS (reflected XSS)

noman ramzan cross site scripting

Persistent Cross site scripting XSS:

Persistent XSS is also known as stored XSS. As the name shows, this kind of cross site scripting is stored somewhere. The attacker injects malicious XSS code into the website, the server saves this payload in the database, and it then runs on a normal link of the website.

Example of persistent XSS

Many websites support a forum where users register and ask questions, like answer.yahoo.com. If a hacker posts a message containing a malicious JavaScript payload and the server fails to sanitize the payload, the code executes easily. So whenever a user reads this post and opens the link, the injected code steals the user's cookie, and then the hacker can easily get into his account.

Non persistent Cross site scripting XSS:

Non-persistent XSS is also known as reflected XSS. This is a very common vulnerability discovered by security researchers. It is found in input fields such as search, the contact page and email subscription. In this attack the payload injected by the hacker is sent to the server in the HTTP request; the server embeds it in the HTML file and returns it to the browser in the HTTP response. When the browser renders the file it also executes the script. That is why it is called reflected XSS.
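
The stored and reflected cases described above, side by side with a fixed version of each. This is an added example, not code from the original post: the function names, the in-memory forum and the sample inputs are assumptions made up for illustration, and the fix shown is HTML output encoding.

```javascript
// Added example: all names and sample data here are constructed for illustration.

// Encode the characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: the search term from the HTTP request is embedded in the response.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;             // input copied into HTML as-is
}
function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`; // input encoded on output
}

// Stored case: a hypothetical forum keeps posts (this array stands in for the
// database) and shows them to every visitor.
const posts = [];
function savePost(author, message) {
  posts.push({ author, message });                    // stored exactly as submitted
}
function renderForumVulnerable() {
  return posts.map((p) => `<li><b>${p.author}</b>: ${p.message}</li>`).join('\n');
}
function renderForumSafe() {
  return posts
    .map((p) => `<li><b>${escapeHtml(p.author)}</b>: ${escapeHtml(p.message)}</li>`)
    .join('\n');
}

// Crude check used only for this demo: does the page contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed input: the harmless alert probe commonly used when testing for XSS.
const probe = '<script>alert(1)</script>';
savePost('alice', 'How do I reset my password?');
savePost('mallory', probe);

console.log('reflected, vulnerable:', containsScriptTag(renderSearchVulnerable(probe)));
console.log('reflected, safe:      ', containsScriptTag(renderSearchSafe(probe)));
console.log('stored, vulnerable:   ', containsScriptTag(renderForumVulnerable()));
console.log('stored, safe:         ', containsScriptTag(renderForumSafe()));
console.log(renderSearchSafe(probe));
```

In the safe versions the browser receives the probe as text and displays it instead of running it, whether it arrived in the current request or came out of storage.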

DOM based Cross site scripting XSS:

In addition to these types, DOM based XSS is a third type of cross site scripting (XSS). This is a very important part of XSS. Most of the big websites like Microsoft, PayPal, Nokia, eBay and many more websites. Later on, In Sha Allah, I will explain more about DOM based XSS.


So in my next tutorials I will tell you how to find cross site scripting (XSS). If you have any problem or any query, you can ask me.

Posted by R2blog.