Cross Site Scripting Attack Simply Explained
- XSS is the most common web application vulnerability; it allows a hacker to run malicious scripts on the client side.
- These scripts are crafted by a hacker to perform malicious tasks on the client side.
- When a user clicks on a malicious link, the malicious script runs on the user's machine. Such scripts can steal your session ID (your accounts) or infect you with a worm.
What Are The Types Of XSS?
Based on whether the injected code persists, XSS can be categorized into two types:
- Persistent XSS
- Non-Persistent XSS
What Is Persistent XSS?
A Persistent, or Stored, XSS attack occurs when the malicious code submitted by the attacker is saved by the server in the database and is then run permanently as part of the normal page.
What Is Non-Persistent XSS?
In Non-Persistent XSS (Reflected XSS), the injected code is sent to the server via an HTTP request. The server embeds the input in the HTML file and returns the file (the HTTP response) to the browser. When the browser renders the HTML file, it executes the embedded script.
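The two types described above differ only in where the input comes from; in both, the server embeds it in the HTML unchanged. The following added example (not part of the original page; every function name is hypothetical) shows a reflected and a stored page in their vulnerable form next to a version that HTML-encodes the input at output time, using a harmless constructed script tag as sample input.

```javascript
// Added example, not from the original page. All names are hypothetical.

// Encode the characters that let text break out of HTML content or a
// quoted attribute value, in a single pass so "&" is not double-encoded.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected (non-persistent): the value arrives in the HTTP request and is
// embedded in the response to that same request.
function searchPageVulnerable(query) {
  return `<p>Results for: ${query}</p>`; // input becomes markup
}
function searchPageSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`; // input stays text
}

// Stored (persistent): the value is saved by the server and embedded in
// every later response that displays it.
const comments = []; // stands in for the database
function saveComment(text) { comments.push(text); }
function commentsPageVulnerable() {
  return comments.map((c) => `<li>${c}</li>`).join('');
}
function commentsPageSafe() {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// Check used below: did a script element survive into the rendered HTML?
function containsScriptTag(html) { return /<script\b/i.test(html); }

// Constructed sample input: a harmless script tag used as a marker.
const sample = '<script>alert(1)</script>';
saveComment(sample);

console.log('reflected, vulnerable:', containsScriptTag(searchPageVulnerable(sample)));
console.log('reflected, encoded:   ', containsScriptTag(searchPageSafe(sample)));
console.log('stored, vulnerable:   ', containsScriptTag(commentsPageVulnerable()));
console.log('stored, encoded:      ', containsScriptTag(commentsPageSafe()));
```

The encoding shown here fits HTML element content and quoted attribute values; input placed inside a script block, a URL or CSS needs encoding specific to that context.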
How Do They Do It?
First, the attacker identifies a vulnerable site and then injects malicious scripts into the website to steal users' accounts by stealing session cookies from their browsers, or to infect users with a worm to gain control over users' devices.