XSS: The basics
What is XSS
When you start learning about cybersecurity, you discover that there are many vulnerability types, and one of them is very common to find and easy to learn: XSS.
XSS stands for Cross-Site Scripting. It is a vulnerability that allows an attacker to run scripts inside a user’s browser, potentially giving them the power to steal information and perform actions as the victim.
This happens when the attacker sends data containing his script to an application, and the application, without filtering the data, sends it to a user, whose browser then runs the attacker’s script.
Types of XSS
There are three types of XSS:
- Reflected XSS is when the attacker’s script arrives in an HTTP request, for example in the following URL: http://website.com/example?comment=<script> * hacker’s script here * </script>
- Stored XSS is when the script, as the name implies, is stored in the application’s database, for example in a comment or a username.
Testing for XSS vulnerabilities
Usually, if you inject a simple script and it runs in your browser, you can confirm an XSS vulnerability. One of the easiest and most popular ways to do this is the alert( ) function, which shows an alert popup with whatever is between the parentheses.
Although this is certainly an easy way to test, there is a problem with it: since July 20, 2021, Google Chrome has disabled the alert function in cross-domain iframes.
So, what’s the best option that also works on Chrome? As this article explains, it’s the print( ) function! It’s simple, setup-free and highly visible. For more details, go check out the article.
XSS Cheat Sheet
There are many places where XSS can appear and many ways to exploit it and, luckily for us, there is a free cheat sheet from PortSwigger with most (if not all) of them, which can be accessed here.
If you like it, read my other post about Broken Access Control here.