|
| 1 | +# Cross-site Scripting |
| 2 | + |
| 3 | +  |
| 4 | + |
| 5 | +- Cross-Site Scripting is a security vulnerability that's typically found in web applications which can be used to execute a malicious script on the ***target's machine***. |
| 6 | + |
| 7 | +- There are multiple types of attack when talking about XSS, here are some: |
| 8 | + |
| 9 | + - Keylogging |
| 10 | + - Stealing Cookies |
| 11 | + - Phishing |
| 12 | + |
| 13 | +- **Keylogging** - A keylogger is used by setting up an event listener on the target's keyboard, which will track their keystrokes and save them on the attacker's server. |
| 14 | + |
| 15 | +- **Stealing Cookies** - When an attacker steals a target's cookies, they can use that information to log in as the user without needing **advanced authentication** or even just find information stored in the cookies that could lead to devastating effects on the target's online saved accounts. This is why so many websites use `SSL` or some other form of protection against these attacks. |
| 16 | + |
| 17 | +- **Phishing** - An interesting type of exploitation, an attacker can clone the website you're logging into and steal your credentials without you ever knowing. Another form of phishing is an attacker can insert code directly onto the webpage to change forms or input fields to steal the target's information. |
| 18 | + |
| 19 | +# Common Types of XSS |
| 20 | + |
| 21 | +## 1. DOM-Based XSS: |
| 22 | + |
| 23 | +- This is when an attack payload is executed by manipulating the [DOM]() (Document Object Model) in the target's browser. This type uses the `client-side code` instead of server-side code. |
| 24 | + |
| 25 | +## 2. Reflected XSS: |
| 26 | + |
| 27 | +- This is when a malicious script bounces off another website onto the target's web application or website. Normally, these are passed ***in the URL*** as a query, and it's easy as making the target click a link. This type originates from the `target's request`. |
| 28 | + |
| 29 | +## 3. Stored XSS: |
| 30 | + |
| 31 | +- This is when a malicious script is ***directly*** injected into the webpage or web application. This type originates from the `website's database`. |
| 32 | + |
1 | 33 |
|
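Review bot: On line 15, the closing sentence credits `SSL` with protecting against cookie theft, but transport encryption does not stop a script already running in the page from reading `document.cookie`. Suggest naming the cookie `HttpOnly` attribute there, along with output encoding and a Content Security Policy, as the defenses that actually apply to XSS. On line 23, the `[DOM]()` link has an empty target, so it needs a URL or the link syntax should be dropped. On line 27, "bounces off another website onto the target's web application" misdescribes reflected XSS: the script travels in the victim's own request (typically the URL query) and the vulnerable site echoes it back in its response. Line 31 could likewise say that the script is saved by the application and served to later visitors. Line 17's first example (cloning a website) is ordinary phishing rather than XSS; the second example (injected code rewriting forms) is the one that belongs here. The file also has no section on prevention, which would be worth adding before merge.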