Cross Site Scripting (XSS) Tutorial
Simply put, cross site scripting involves the injection of malicious code into a website. It is the most common method of attack at the moment, as most large sites will contain at least one XSS vulnerability. However, there is more than one type of XSS. The most commonly found is referred to as "non persistent" XSS. None Persistent XSS
Non persistent as the title suggests means that the injected script isn't permanent and just appears for the short time the user is viewing the page. The best example of this is a basic coded search engine for a site. Say for example, the site search script is in this format:
Once something has been searched for, the script may display on the page something along the lines of:
"Results for text here"
If no sanitation checks are being performed by the search script, this will just be echoed straight onto the page, therefore displaying an alert or red text. If there was no limit to the size, this could be used to display anything you want. However, since the attacker can only display code on their own pages, this isn't much of a threat to other users. Although if the string was turned into Hex the search string may be slightly more hidden and with a little deception could be used to trick users into thinking the link is legitimate. Next there's persistent XSS
Getting Past Basic Protection
So what if a site owner knows about XSS, but has provided some but very little protection against it? Well, this is where CharCode comes in. Char code is basically just a simple form of character encoding that can encode blocked characters so they get past the protection but still get displayed normally on the page. Here is a very common one that will pop up alerts saying "XSS" if it is vulnerable:
';alert(String.fromCharCode(88,83,83))//\'; alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//\"; alert(String.fromCharCode(88,83,83))//-->">'> alert(String.fromCharCode(88,83,83))
This is a very useful XSS to know, as it provides more than one type of attack at...
Please join StudyMode to read the full document